Chrome Extensions Security

Shouldn't be a surprise, chrome extensions are still the wild west.

Unfortunately permissions to access everything on every website are way to broad for a niche extension like this. There's no guarantee it won't be sold to a malware developer in a month. If you want to use it, I suggest cloning the repo and loading it as an unpacked extension to avoid auto updates.

Google could change chome at any time to snoop on all your stuff too, yet we trust them more than extension authors?

Interesting that extensions are not seen as trustworthy. I installed a third-party one for work, and it kept opening up the developers website which was blocked by our firewall. Why try to do a web action the user didn't request? It devolves trust.

Browser extension that do that require full access to the contents of the website. That’s why some people decide not to use those extension.

Do you happen to know? Quick Google search didn't help. Are their any potential security concerns to the user if using their extension?

Based on what they can do, extensions should be naturally trusted to the same extent as the browser itself... I think this is a feature, not a bug. Besides, AFAIK with extensions being distributed in the form of source code, it's not hard to inspect one to see what it truly does, and it only takes one person to find out and tell everyone else.

Playing devil's advocate here, don't they need to protect their users from nefarious add ons that could steal data?

My general policy is to never install any extension that has full browser acceess. Except if it's from the faang companies themselves.

Wasn't the whole purpose of web extensions to make this not a problem?