To put it simply, whenever you enter your username and password to sign in to a website, the Password Checkup extension will automatically compare those entries to a database that contains over 4 billion compromised credentials. If your login credentials are found within the database, Google will present a warning message that alerts you to change your password.
Google says that it won't keep bombarding you with alerts for just any username/password combination to avoid "fatiguing" the user. "We won’t bother you about outdated passwords you’ve already reset or merely weak passwords like 123456," writes Google. "We only generate an alert when both your current username and password appear in a breach, as that poses the greatest risk."
Now before you ask, yes, you are sending your login and password information to Google by using this extension. And chances are you likely already have your passwords stored using Autofill in Chrome anyway. But Google is looking to calm any fears about Google using this information for nefarious purposes or it falling into the wrong hands, writing:
At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.
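A toy sketch of how a k-anonymity prefix and blinding can fit together in a lookup like the one described above. It is an added example, not Google's code or its actual protocol: the modulus, the 2-byte prefix, the single SHA-256 round and all names are assumptions, and private information retrieval is not modeled.

```python
import hashlib, math, secrets

P = 2**255 - 19       # toy prime modulus (assumption; not the real protocol's group)
PREFIX_BYTES = 2      # k-anonymity prefix length (assumption)

def to_group(user, pw):
    """Hash a credential pair to a nonzero square mod P (one SHA-256 round here)."""
    d = hashlib.sha256(f"{user}\x00{pw}".encode()).digest()
    return pow(int.from_bytes(d, "big") % P, 2, P) or 4

def prefix(user):
    """Short hash prefix: many different usernames share each bucket."""
    return hashlib.sha256(user.encode()).digest()[:PREFIX_BYTES]

class Server:
    def __init__(self, breached):
        self.s = secrets.randbelow(P - 3) + 2       # server-side secret exponent
        self.buckets = {}
        for user, pw in breached:                   # store H(cred)^s, never raw creds
            entry = pow(to_group(user, pw), self.s, P)
            self.buckets.setdefault(prefix(user), set()).add(entry)

    def query(self, pfx, blinded):
        # The server sees only a bucket prefix and a blinded group element.
        return pow(blinded, self.s, P), self.buckets.get(pfx, set())

def blind(user, pw):
    """Client side: raise H(cred) to a random exponent k that can be inverted."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k, pow(to_group(user, pw), k, P)

def is_breached(server, user, pw):
    k, blinded = blind(user, pw)
    double_blinded, bucket = server.query(prefix(user), blinded)
    # Remove k: (H^k)^s raised to k^-1 mod (P-1) equals H^s.
    unblinded = pow(double_blinded, pow(k, -1, P - 1), P)
    return unblinded in bucket    # bucket entries are useless without s

# Constructed sample breach data.
SAMPLE = [("alice@example.com", "hunter2"), ("bob@example.com", "123456")]

if __name__ == "__main__":
    srv = Server(SAMPLE)
    print(is_breached(srv, "alice@example.com", "hunter2"))        # True
    print(is_breached(srv, "alice@example.com", "new-passphrase")) # False
```

Because each bucket entry is raised to the server's secret exponent, a client that downloads a bucket cannot test guesses against it offline; every guess costs a round trip to the server.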
Of course, apps like LastPass have similar functionality built-in, and you could always go to a website like HaveIBeenPwned.com to see if your credentials have been compromised. But nothing beats the convenience of having an extension installed on the world's most popular browser to automatically do the dirty work for you.
You can grab Google's Password Checkup Chrome Extension right here.