The way it works is that instead of sending your password to their server to check (which they do not do that). They download known a list of leaked password to local to check.
The wording of Google is very very ambiguous there avoid to say that they are sending it but says that they are encrypting your credentials so that Google can't know it.
I have found the following page that gives more details:
So if what it says is true, they don't exactly send your password, but still quite a lot of data about your credentials, in addition with the fact that you are trying to connect to a website based on the fact that you are doing the request at this exact moment.
Again, in theory I don't have a problem with them providing that kind of service. Just not to suddenly enable it for users in secret, hide very well the way to disable that, and especially when you asked Google to not manage your passwords.
A good question to ask is why the option to disable that is not located near the parameters for password and password management in the browser?
This is how 1password does it for their watchtower feature (basiclaly same feature as your google example)
https://support.1password.com/watchtower-privacy/
The way it works is that instead of sending your password to their server to check (which they do not do that). They download known a list of leaked password to local to check.