You are smart to be skeptical of Google’s intentions, but it seems like it is possible to make an implementation without the problems you identified.

The TPM stores the private key and doesn’t hand it out to anyone, not even the browser. Malware can no longer “exfiltrate” the whole session. I.E. if a piece of malware manages to compromise a cookie, it can send it off-device, where it can be freely used to impersonate the user. With the TPM involved, any impersonation of the user has to be done locally on the same device, which is theoretically more difficult to do than just silently steal a cookie.

I’m on board with you, though, in being skeptical here.