Chrome extensions have a manifest file, that specifies which pages that you visit, that the extension can interact with. The extension you're trying to install, might need access to all pages you visit.

Some extensions might want to access any page you visit, for legit reasons. Most, in fact. If the extension does anything with your page (modify, extend or in any way behave because of the content you see), you'll get that warning when installing the extension.

Extensions cannot access the passwords you store in the password manager that is built into Chrome. It might, however, have access to the information that you submit to websites, including passwords and other personal details. But it would have to be built for that specific purpose.

It all boils down to wether you trust the source or not. The vendor cannot hide how the extension works, so a rouge extension would probably have a short life.

Cheers!