[bluu00]

> Remember to audit your extensions frequently, and remove any unused extensions.

> In the case of Nano Defender, users were not notified before control of the extension was transferred to a third-party. That's not the right way to handle this.

The whole browser extension ecosystem seems to be purposefully bloated with such loopholes allowing such backdoors. I remember seeing a clg presentation, "a browser is a literal nuke you carry on yourself, whatever be the ... or claims as of sandboxing, you're already dead" - loosely quoted.