In theory the browser integration shouldn’t leak anything beyond the credentials being used, even if compromised.

When you use autofill, the native application will prompt to disclose credentials to the extension. At that point, only those credentials go over the wire. Others remain inaccessible to the extension.