Obviously the browser doesn't need to have unfettered access.
It just needs to tell the password "hey there's a password on wellsfargo.com" and then the password manager asks the user if they want to use the password. And maybe give access to all passwords.
Safari pops up a little box attached to the login text field asking you if you want to use the password for wellsfargo, so it seems like it’s asking keychain “do you have a password associated with this url?”. At least on modern MacBooks they also figured out a good UX flow, when that box is on screen you put your finger on the Touch ID button and it authenticates you, puts in the password, and goes to the next field or hits submit.
It just needs to tell the password "hey there's a password on wellsfargo.com" and then the password manager asks the user if they want to use the password. And maybe give access to all passwords.
IDK, what does safari do?