The thread model is that maintainers of popular extensions get offers of several thousand $ all the time to pass over ownership. And there have been several incidents in which the new owners added trackers to the extension itself, tracking the user across all domains.
These extensions usually have full access to the DOM, so they can do everything they want to.
So their question is very much warrented: installing as new extension should always be well considered.
I mean... I don't really have a response to this. This is security modeling 101. To different threat models, this is a varying degree of a threat - anywhere from "not a threat" to "unacceptable threat".
You cannot universally answer the question "how much of a threat are chrome extensions".
I understand that this is a pet peeve of yours. But what exactly stops you from learning what kind of data chrome extensions have access to (they can see everything on any page you visit and send it to perpetrators) and assuming the worst?
oooo..... are you talking about chrome store that has adware filled garbage duplicates of good quality extensions?
firefox addon store is very much better in that regard. Anyway, this makes me feel like you don't know about gorhill and UBO? that is actually recommended for sane internet browsing on any browsers.
As i often say, surfing the internet in a browser without UBO feels like having unprotected sex. Fun but dangerous.