If using the sandbox CSP or iframe tag, the web content is supposed to be not trusted by the main resource origin. Therefore, we'd better disable the password manager entirely so the untrusted web content cannot exfiltrate passwords.
https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x