Potentially? They already have. Now they’re just linking things because they’re wanting easier and convenient access as well as “terms of service” clarity.
I think it’s safe to say google etc don’t require cookies to track you. And they’ve already mapped out any secondary gmail accounts you have. And they have your complete browser history joined from all devices they’ve stitched into your shadow profile which you can’t delete or access. Incognito mode is only good for the little spy guy graphic.
This is the 21st century - all activity is logged for future sale.
Everything you do in chrome is called back to google servers. Even if you block cookies you can look at the network tab in dev tools and see it calling back; also it sends the links you click on to a malware check service (you know, safe browsing) that server tracks everything you click on: no cookies needed; there are also endpoints for transmitting your urls for 'quality of service' (to optimize bandwidth), that tracks, and then all the performance data called bakc to the google servers could potentially have your data steganographically included in that data
There are many things that chrome is doing that are dubious, quasi legal
one thing they could be doing is a kind of reverse beacon or barium meal beacon where they generate a unique code and steganographically insert that as an overlay into images...you won't see the difference when your webpage loads the image, but then some javascript will send that image back to a server, and there you ahve a cross site tracking mechanism. This concept has been used in browser fingerprinting, but now that has evolved with html5 with the canvas tag which generates unique ids and sends that back in order to track your browser everywhere around the internet without needing cookies or websocket sessions or any other newer session mgmt mechanism
Note that the Safe Browsing service is also used by Firefox. If you interact with a CA or some other services they may also use it to check that a domain does not have a history of malicious activity.
To think Google ( doubleclick ) and their competitors ( aggregate knowledge ) and others in that space arent already associating your browser history with your identity is a bit naive.
One of many reasons: you may trust given computer with your gmail content, but you may not trust it with all your saved passwords. Silently bringing them all in there, if true, this is insanity from a security standpoint.