I think this is the piece of code responsible for considering the "http://*/*" and "https://*/*" permissions as effectively asking for access to all urls:
And that function is called from here:
Complementing what @Alex said (I completely agree with you btw!), I think this behavior is fine from the point of view of users: Chrome prompts users to accept the "Read and change all your data on the websites you visit" (pseudo-)permission in both cases, so it is consistent.
Another thing we could debate is whether more granularity in the permission prompt is desired, but I think this simplification is good so users don't get confused (I think it's better for the prompt to ask for permissions to "all your data on the websites you visit" rather than ask for access to "http://*/*" and "https://*/*", which is pretty technical and most users wouldn't understand that).