I’m totally new to Manjaro. I installed manjaro, and then aur google chrome and then deleted it and reinstalled manjaro.
However, I did sign in to my google account.
I would reckon that if it was malicious, it would then have all of my passwords for everything i have ever saved to google-chrome. Is that correct?
How likely is malicious code on aur GoogleChrome?
I’m on firefox now and getting used to it…
I could kick myself.
You will never find out 
Passwords should be changed from time to time anyway, good reason to do it now. 
wow 
would it be able to get ALL of my sync passwords? I actually logged in with my phone verify.
https://aur.archlinux.org/packages/google-chrome/
If it was that particular one, that must be one of the, if not the most downloaded and used packaged in the whole AUR.
So if you are in trouble, tens of thousand around the globe also are. And someone would had noticed it by now already. What I mean, it’s that you are probably fine.
okay… people are quite trusting I guess. This is my first few hours on manjaro.
You may be new to Manjaro, but not new to computers. You must have heard Google reputation by now. Don’t use it if you value your privacy.
There is open source Chromium build in the official Manjaro repositories, if you care that much about the source and trustiness of the packages.
There aren’t many differences between them that you should notice. I recommend it to you instead.
My personal advice is to always check the PKGBUILD file of every package from AUR that you want to install.
In case of google-chrome it’s this one:
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=google-chrome
Doing so, you will be able to know where each package pulls its sources from and decide if you want to trust it or not.
yes. i did that… I think… I’m changing passwords now… but many of them
All right then, that’s a good practice anyway, but there is no need, really.
If you check the PKGBUILD as @bill_t says, you would notice that all that that thing is doing, it’s downloading the OFFICIAL .deb build for Debian/Ubuntu, from the OFFICIAL Google servers, and just extracting it in a way that works on an Arch structure. That’s it, that’s all. If you trust Google, and that’s another whole matter, you can trust this.
Maybe it is good to get off of google-chrome anyway. Thanks for the reassurance. It will take some time to fix my passwords… which I’m due for and many are reused. However, I’m a monk with no money. 
so they are not getting much.
If it is such a standard package? Why didn’t they add it to the main repo?
Because chrome is cancerous google spyware. Chromium is however available in the official repos (if under duress)
Your best bet for password security is to use a trusted password manager, if you are looking for cloud storage bitwarden is probably the best you could do.
Firefox browser is safe, secure and in the official repos.
As Signalrunner says that bill says, if you check the script you’ll know exactly what you’re getting in for. You’re not in any danger regardless.
Here are some reasons:
Licensing issues. Google probably doesn’t allow modification of the package and distribution at the same time. And Chrome it’s closed source, which isn’t view as that great of a thing in GNU/Linux world.
And again, there exist a free, open source alternative in Chromium, so it is good that things are this way probably.
If Google Chrome is based on Chromium, then why would Google be free from open source rules?
Some would say GoogleChrome itself is malicious…
They are not. The license (3 clause BSD mostly) allows usage in proprietary and closed source software.
The BSD License allows proprietary use and allows the software released under the license to be incorporated into proprietary products. Works based on the material may be released under a proprietary license as closed source software, allowing usual commercial usages under them.
Google Chrome openly uses proprietary, binary blobs in their browser. By using Chrome, you not using open source.