It's hard to see how you would implement that, any script run within the context of the page needs access to these fields for backwards compatibility reasons, so the context script of the extension would just need to find a way of running code in the context of the page to exfiltrate the data. It could do this by adding script tags, etc.

Browsers break backwards compatibility for security all the time. Most recently Chrome made accessing devices on a local network require a permission. They completely changed the behavior of cookies. They break loads of things for cross origin isolation.

Sure, but this would break a significant portion of sign in UIs.

Even scripts within the page itself cannot read the value of password input fields. This is less of an issue than you are presenting it as.

...uhh, yes they can? Are you talking about input type=password fields, i.e. the ones 99% of passwords are entered in?