[FryHigh]

This vulnerability was published (another article) over a year ago. I'm surprised Chrome hasn't fixed it.

I think this means browsers will never fix this issue. I won't be using auto-fill on untrusted webaites.

[robert_tweed]

This is a very old exploit. The earliest references I could find were from 2010.

As other comments have noted, it isn't trivial to fix completely, so I believe most browsers just haven't bothered at all, but have implemented some extra protection for credit cards (and of course, CVV numbers are never stored in the first place).

[amenod]

Not all browsers - Firefox suggests form input values one by one (when you click in the field) so it is not vulnerable AFAICT.