If your machine is ChromeOS then it has a secure bootloader and doesn't have any way to access the actual unix system except through Chrome, so there is no official way to access the passwords directly. But Chrome simply hands your passwords over and anybody using the computer unsupervised for 10 seconds can see all your passwords and take a photo of them to use later on. Just going to the bathroom while somebody is using your computer and all your saved passwords are compromised. A user would have to root ChromeOS in order to do this without Chrome's help, which is an extremely high bar.
The only difference between ChromeOS and desktop Chrome is that the bar to stealing protected passwords is lower than rooting the OS -- but the bar still exists and it is higher than most people can reach, so it is still mostly effective at protecting the passwords.
If Google feels that a master password is annoying and useless because people won't use it then the proper solution is to *never show the saved password*. Except then if some site changed their forms a lot then you couldn't log in unless you remembered the password, but so what? Use the site's password recovery mechanism.
The simple fact of the matter is that Google purposely made an insecure system to make the browser more convenient, and allows no option for people that want to choose security over convenience. This is Google's vision of the future internet: whatever they decide is your only option. That's the real reason why this teapot has a tempest in it... if Google gets what it wants and the only browser is Chrome, on ChromeOS, what then? Sure Chrome has poor security for the passwords, but the real problem here is Google's explanation which is "we decided to do it this way, and that's final".