Interesting article about web trackers exploiting browser login managers stealing your email and passwords easily.

TL;DR

3rd party scripts on websites can extract saved passwords from your browser’s password manager without user intervention (depending on browser). Countermeasures include: separate domain for signon, install adblocker, disable login autofill, etc.

Link to original article