Edit: My initial comment was incorrect, corrected version below.
Chrome Sync encrypts sync data on the client. By default the encryption passphrase is your Google Account password. This allows Google to read the data, as described here: https://support.google.com/chrome/answer/1181035?hl=en
However, you can set a separate Chrome Sync encryption passphrase in settings. This second passphrase is never sent to Google at all and allows you to use Chrome Sync without Google reading the data. It should be obvious why this is not the default, as requiring a second passphrase is a very significant decrease in usability, but it's there if you want it.
My initial comment was incorrect and has been updated. However, have you actually tried the scenario you describe? In the past, when I have changed my Google account password and logged into a new computer, I have had to enter my previous account password on the new computer to decrypt the data before Sync would work. Indeed, if you look in Chrome Sync's settings, you will see text that looks like this: "All data was encrypted with your Google password as of Jan 17, 2015", letting you know which version of your password to use.
I’ve last used Chrome around 2012, and at that time it would work after resetting the account password. In fact, I still don’t know which account password I had used.
So at least at some point in time Google did store all this data.
It seems to have been quite leaky in the past, and that doesn’t make Google any more trustworthy.
Solution: Use Firefox. Also, Firefox at least allows Cookies on localhost or other local domains.
Anyway, Google may not store any bit of my browser history in the US anyway, so I should probably go to court against them.
Chrome Sync encrypts sync data on the client. By default the encryption passphrase is your Google Account password. This allows Google to read the data, as described here: https://support.google.com/chrome/answer/1181035?hl=en
However, you can set a separate Chrome Sync encryption passphrase in settings. This second passphrase is never sent to Google at all and allows you to use Chrome Sync without Google reading the data. It should be obvious why this is not the default, as requiring a second passphrase is a very significant decrease in usability, but it's there if you want it.