
  What Google does see is a hash-prefix of your username, to narrow down the encrypted data set of compromised credentials being returned to your Chrome instance.
We don't have the same background, but I don't think that it is ok at all.

Sending even a few bytes of hash about your username is quite a lot of data.

That might be enough to weaken your credentials, but mostly think about what they can do, or what three-letter agencies can do, with this info that is streaming straight to the US:

Even without certainty about the exact account, we can know that you connected to a website with a credential that matched a defined hash. We can know that you connected regularly with it, and probably the time when you connected, as the check is performed most of the time when you are connected; we can corroborate that with other access logs. We know that you were not using other usernames that you provided that are not matching this one based on the hash.

As an example, the US is asking users to list all their social accounts. I think that it is optional, but they would very much like to make it mandatory. Then, imagine that they compare all the usernames you provided with the hash of the passwords you checked regularly on your device to say: you probably have other or alternative accounts that you don't declare.

All of that in a stealthy, surprising way for users who asked for nothing. It's a lie to say that it is protecting "your browsing experience". It is unrelated. You cannot browse to a website and your account is still hacked. Website owners are free to report leaks to users. Users are free to use a password manager with such features.
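The following is an added example, not code from the thread or from Google; it models the inference the comment describes. It assumes, purely for illustration, that the client sends the first 3 bytes of SHA-256(username) (the real protocol's hash function and prefix length are not stated on the page), and it shows how an observer holding a prefix can eliminate candidate usernames, flag observed prefixes that match none of a declared list, and estimate the anonymity set for a given prefix length. All usernames and observation logs below are constructed.

```python
import hashlib
from typing import Iterable

# ASSUMPTION (not from the page): prefix = first PREFIX_BYTES of SHA-256(username).
PREFIX_BYTES = 3


def username_prefix(username: str, nbytes: int = PREFIX_BYTES) -> bytes:
    """What a network observer sees: the leading bytes of the hashed username."""
    digest = hashlib.sha256(username.strip().lower().encode("utf-8")).digest()
    return digest[:nbytes]


def consistent_candidates(observed: bytes, candidates: Iterable[str]) -> list[str]:
    """Candidates the observer cannot rule out: their prefix equals the observed one.

    Everything not returned is positively excluded, which is the 'we know you were
    not using the other usernames' inference from the comment.
    """
    n = len(observed)
    return [c for c in candidates if username_prefix(c, n) == observed]


def undeclared_prefixes(observed: Iterable[bytes], declared: Iterable[str]) -> list[bytes]:
    """Observed prefixes that match none of the user's declared usernames.

    Each one is evidence of an account the user did not declare (modulo collisions).
    """
    declared = list(declared)
    return [p for p in dict.fromkeys(observed)  # dedupe, keep order
            if not consistent_candidates(p, declared)]


def expected_anonymity_set(population: int, nbytes: int = PREFIX_BYTES) -> float:
    """Expected number of other usernames sharing a prefix, assuming uniform hashes."""
    return population / float(256 ** nbytes)


def demo() -> dict:
    # Constructed sample: accounts the user declared, and one they did not.
    declared = ["alice.smith", "asmith_work"]
    hidden = "anon_throwaway_42"
    # Constructed "traffic log": the observer records only the prefix per check.
    observed_log = [username_prefix(u) for u in (declared[0], hidden, declared[0], hidden)]
    return {
        "survivors_for_alice": consistent_candidates(username_prefix("alice.smith"), declared + [hidden]),
        "undeclared": undeclared_prefixes(observed_log, declared),
        # With 2^24 possible 3-byte prefixes, ~1 other user per prefix in a 16M-user population.
        "expected_set_16M": expected_anonymity_set(2 ** 24),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The anonymity-set estimate is the key check: the prefix only hides you among the users whose hashes share it, so the protection is a function of prefix length and population, not of hashing as such. Lengthen the prefix and the server returns fewer candidates but learns more; shorten it and the reverse.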


