the hacker can go into your C drive, and go to C://Users/(account name)/AppData/Local/Google/Chrome/User Data/Default/Login Data and simply query the local SQL server for details of the URL, username and encrypted password of the website you have visited.