- Is the message reliable, in the sense that the breach occurred?
Yes, the message is quite reliable. The breach very probably did occur, as the message says, on a site or app. It did however equally probably not occur on your router.
- If so, how could that breach happen?
There are many ways an app or site can be breached.
Unpatched vulnerabilities can be exploited.
Employees can be induced through social engineering or bribery to give access.
Disloyal employees may abuse their access.
- How could Chrome tell the breached happened?
Chrome automatically checks your password against a database of passwords that have been found in known breaches.
- Did I have any extension that caused it?
The breach did most probably not happen on your router but on some other system, so the question does not apply.
- Is there any chance that the breach did not happen? Or even worse,
that the warning is actually fake, perhaps so I go and change the
password for some other extension or else to read it?
No, this warning is genuine. It just doesn't say what you are reading into it.
It does not tell you that your router has been breached.
It tells you that you are using a password which has been found in some breach somewhere, and consequently at increased risk of being guessed, should someone try a password guessing attack on your router.