My general understanding is that they browser fingerprint you. And then if that fingerprint is ever detected on a site that also knows your pii they have you. Is that the gist of it or are there more shenanigans I'm unaware of
"They" aren't that interested in PII. They're interested in assigning a unique identifier for you and building as detailed of a profile about you as possible, for targeting ads to you, and more recently tailoring prices to maximize value extraction when you buy something. Focusing on the narrow definition of "PII" as it usually is defined in law is a total distraction. Your email address and name are irrelevant for all of that.
By default, I believe that anything you put in the "omnibox" is sent to Google - even if you don't press enter. So, if you use it as a clipboard of sorts and paste a secret / token / key, it should be considered compromised.
You can validate this by going to chrome://omnibox
