Before talking about attacks, I suggest you use random key with enough bits (at least 128 bits) instead of the passwords. You don't need to hash the key many times, just use a good key. If it is derived from the password, use a good Key derivation function to derive the key and use that instead.
Now back to your question, you said it yourself, known plain text attack is possible. And it is disastrously easy to do that. All you need to know is a single block of plain text in order to recover all subsequent plain text by revealing the hash at that block. This is a lot lower level of security compared to what is expected of modern ciphers which are designed to be secure against adversaries capable of performing chosen plaintext or chosen ciphertext attacks. It is not even that difficult to figure out or at least narrow down to feasible number of tries for one block of plaintext based on file formats, few available information on the file owner etc, which can be used to decrypt entire ciphertext.
Actually, long before I also thought of a similar cipher, but instead of just hashing everything iteratively, I thought of doing xor of the left half of hash output with the plaintext block and hash the right half for the next block. This can be randomized by mixing public random number with the key. Another more well known way is using hash in CTR mode to generate the stream like we do with block ciphers as CTR mode does not require you to be able to decrypt the block. As kelalaka pointed out, it provides random access too.
But remember that this cannot be shown to be secure in the plain model and thus you cannot be very sure about its security with hash functions like SHA-2, which was not designed to be used this way. This requires a further assumption that your hash function is close enough to a random oracle to use like this securely. And even if it is secure with common hash functions, it will likely not have widespread use because it will be hell a lot slower than hardware assisted AES or Chacha20 (which also uses CTR mode as mentioned above).