Actually, they didn't necessary break any laws with that.
For once, it depends on where you actually buy the Software, in what country and so on.
German law certainly doesn't apply here, neither does dutch law. You might life there, but you didn't buy the product there.
And to break german law with that, the passwords and usernames would have to be stored encrypted. And i'm not sure Chrome actually does that. Id they weren't encrypted.... bad luck.
Let's just say it's complicated.
Also, is it unethical? Yes, but we don't really have the moral high ground to actually point at others and call their actions unethical. Unless you are living in a third world country, then you actually have the moral high ground. So...
What they did was bad, no question asked.
But it also revealed a few issues we got these days:
Browsers that can store passwords and usernames is one of the issues, seriously.... it's the worst idea in the hiostory of browsers.
You are constantly connected to the Internet with them, and download Data and send data to servers. There always have been security holes in browsers, and there always will be. It's just one of the worst places to store passwords and usernames.
Another issues is of course people accepting and using such Functionality, because no one ever told them about the security risk.
Those issues should be addressed, people should be made more aware of security risks. They should also made aware of things like WhatsApp and their parent company Facebook, and what they actually do with privat data they collect. And there is countless other companies that sell privat Data.... that People give them with their free will... just cause they don't know better.
Or accepting of about every Programm thats send with an eMail.
Making people aware of such risks, would decrease the threat a lot already. Sure it won't go away. But this maleware FSLabs used would never have existed if people weren't so careless with their Data.