Board Thread:General Discussion/@comment-9605025-20200304001118/@comment-168424-20200304004048

It looks like Chrome just compares its saved password data to some breach list Google has somewhere.

Just a piece of advice. Never change your password from UI presented by a popup. Only change your password on a page served with HTTPS where you can verify the domain in the URL matches what you expect. Be careful of sneaky fake domains like gogole-security.com.

Some sites give you a popup as the only way to change your password, so in those cases, use the JS console (usually F12) and make sure the popup is coming from or using expected domains.