This is getting silly, now you can't even trust extensions anymore? I wonder what browser makers will do about this, since we can't count on extension developers to keep people safe.
Good move from the Chrome developers: https://www.bleepingcomputer.com/ne...xtensions-take-over-your-internet-connection/
Phishing campaign targets developers of Chrome extensions October 1, 2018 https://www.zdnet.com/article/phishing-campaign-targets-developers-of-chrome-extensions/
Take ones that are most needed/wanted for security, privacy, spell checking etc... and build them into the browser this way the browser developer controls and updates them like in Brave Browser.
Indeed, especially when it comes to crypto. Everytime security researchers inspect AV's SSL filtering, they find problems (one of them). So it's no wonder that while many IS/TS started to incorporate VPN & pwdmgr there're many security problems (using known IPSec key, leaking IP, not using uniform CRNG, and more serious vuln such as TrendMicro & Kaspersky). It seems only sure way to be relatively secure is to install as fewer program (which you can trust to some extent) as possible, addon is no exception. Do not trust just because big company is in back.
Exactly, it's a good idea. Another possibility is to put more restrictions on extensions. Actually, you don't have a choice if they offer functionality that you really need. I think most people trust extensions like uBlock and Privacy Badger to name a few.
R- I didn't say never use them, just don't install any and all with blind trust. One would never consider this with applications, but far too many will do this with extensions. An extension that has been out for years THAT HAS THE SAME PUBLISHER will no doubt be fine; but a new extension or an existing one bought by someone else must be viewed with suspicion. M