Summary:
Whether you want to block ads, keep a to-do list, or check your spelling, browser extensions allow you to do all the above and more, improving convenience, productivity, and efficiency for free, which is why they are so popular. First, not every innocent-looking extension is in fact innocent. Malicious and unwanted add-ons promote themselves as useful, and often do have legitimate functions implemented along with illegitimate ones. Some of them may even impersonate a popular legitimate extension, their developers going so far as to stuff keywords so that their extension appears near the top of the browser’s extension store.
Malicious and unwanted add-ons are often distributed through official marketplaces. Victims of these attacks were not only individuals, but also businesses. Overall, more than 100 networks were abused, giving threat actors a foothold on financial service firms, oil and gas companies, the healthcare and pharmaceutical industries, government, and other organizations. Another malicious Google Chrome extension that was available for download even in the official store could recognize and steal payment card details entered in web forms. Google deleted it from the Chrome Web Store, but the malware had already infected more than 400 Chrome users, putting their data at huge risk.
References:
The following reports contain further technical details:
https://securelist.com/threat-in-your-browser-extensions/107181/