OK, sure, why not.
You are technically, but mostly meaninglessly, correct. There is a place where Chrome's password storage is vulnerable. That place is when you're logged in and allow access to an application that will use your user credentials to decrypt it (Keychain on Mac, CryptProtectData on Windows, who-cares on Linux). Anything that can access the Login Data database can already fuck with anything else it wants to; on either Windows or Linux (OS X requires you to enable things in Universal Access, and AFAIK that can't be done without user participation) you can already hook the keyboard and just pick the password vault's passphrase when you enter it--and it'll be trivial to figure out what it is because you'll enter it repeatedly through a day, like any other password.
So, yeah, it's "insecure", except that there's no attack vector worth considering that you don't already implicitly allow breaking your password vault by giving something the ability to read locally. The only serious argument against using Chrome password storage is security by obscurity, and if you want to rely on that that's cool, but I'd rather just not do stupid shit with my machine.
(There is a good reason to use 2FA with your vault, and that's an argument against using browser storage. But the ease-of-use for 2FA with a password vault is somewhere around fuck-all, and I won't recommend it because then people won't use the vault.)