https://palant.info/2025/01/13/chrome-web-store-is-a-mess/ So the conclusion is: stay away from Chromium-based browsers. If you're unwilling to do this, limit the number of extensions to the absolute minimum and try to make sure that they are trustworthy (which is often a big problem of its own). Better use Firefox with recommended extensions (which are vetted by Mozilla not only once but with every update).
Yes, it's indeed a mess. And what's even worse is the way that Chromium browsers are designed. How on earth are extensions able to steal cookies and passwords stored in the browser folder? I'm not sure if MV3 is going to fix this. And there also isn't an easy way to disable autoupdating of extensions in Chromium browsers; this is completely nuts. But don't forget that Firefox extensions can be risky too, see link. https://cointelegraph.com/news/fake-okx-plugins-found-firefox-browser-store
Follow-up post: https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
This does not surprise me. Google has no addon checking like Mozilla has: "recommended", which means a manual and deeper review from the review team, or regular, by machine only. Nevertheless, the Mozilla review team checks all addons by random choice, public or private; I know that for sure. What else? The best way to check addons is to check them vice versa: explore the same extension on AMO, save both, extract them, and compare hashes. Or search for expressions which request data from the web, or search for encoded data, which is not at all hard to find. Also read the comments/feedback for extensions.
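The cross-store comparison suggested in the post above, as an added example that is not part of the thread: it hashes every file in two copies of an extension, lists the ones that differ, and searches those for network-request expressions and long encoded strings. The regex patterns, the ignored store-metadata folders, the function names and the two sample packages are assumptions constructed for illustration.

```python
import hashlib, io, re, zipfile

# Illustrative patterns (assumptions), not a complete detection list.
NETWORK = re.compile(rb"\b(fetch|XMLHttpRequest|WebSocket|sendBeacon|importScripts)\b")
ENCODED = re.compile(rb"[A-Za-z0-9+/]{120,}={0,2}")
IGNORED = ("META-INF/", "_metadata/")  # signing/verification data added by the stores

def file_hashes(package: bytes) -> dict:
    """Map each packed file to (sha256, content); zipfile copes with a header before the zip data."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(IGNORED):
                continue
            data = zf.read(info)
            out[info.filename] = (hashlib.sha256(data).hexdigest(), data)
    return out

def compare(pkg_a: bytes, pkg_b: bytes) -> dict:
    """Report files unique to one package, files whose hashes differ, and pattern hits in them."""
    a, b = file_hashes(pkg_a), file_hashes(pkg_b)
    report = {"only_a": sorted(a.keys() - b.keys()),
              "only_b": sorted(b.keys() - a.keys()),
              "changed": sorted(n for n in a.keys() & b.keys() if a[n][0] != b[n][0]),
              "flags": {}}
    for side, files in (("a", a), ("b", b)):
        for name in report["changed"] + report["only_" + side]:
            data = files[name][1]
            hits = sorted({m.decode() for m in NETWORK.findall(data)})
            if ENCODED.search(data):
                hits.append("long-encoded-string")
            if hits:
                report["flags"][f"{side}:{name}"] = hits
    return report

def build(files: dict, prefix: bytes = b"") -> bytes:
    """Pack a constructed sample extension; prefix stands in for a CRX-style header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return prefix + buf.getvalue()

# Constructed samples: the same extension as saved from two stores.
BASE = {"manifest.json": '{"name":"demo"}', "bg.js": "console.log('hi');", "ui.js": "render();"}
AMO_PKG = build(BASE)
CWS_PKG = build({**BASE, "bg.js": "console.log('hi'); fetch('https://example.invalid/c');",
                 "_metadata/verified_contents.json": "{}"}, prefix=b"Cr24" + bytes(12))

if __name__ == "__main__":
    print(compare(AMO_PKG, CWS_PKG))
```

On real packages `manifest.json` will usually show up as changed because of browser-specific keys, so the files worth reading first are the changed scripts that also carry a flag.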