By default, I believe that anything you put in the "omnibox" is sent to Google - even if you don't press enter. So, if you use it as a clipboard of sorts and paste a secret / token / key, it should be considered compromised.

You can validate this by going to chrome://omnibox