Wow, this is more serious than I thought. So basically, malicious extensions can disable other legit extensions like the one from your password manager, and temporary clone them to make it look like you're logging into your real password manager, while all of your info is captured by your fake extension. This just shows how badly the browser extension system is designed, shame on Google!
