| > Most antivirus solutions built into operating systems such as Microsoft defender are unlikely to find suspicious extensions that are exfiltrating your data They can flag antivirus signatures just like everything else, and I've experienced this happening in the past. In the end, extensions are just some javascript/css files in a folder and they get scanned just like everything else. > Extensions autoupdate So can any piece of software if it wants to. It's trivial to make an updater start on boot. > It is not uncommon for large spyware companies to buy up a bunch of the most popular chrome extensions, and proceed to inject them with malware The same can, and has, happened for "regular" software. > Since an extension runs inside your browser, it's much easier to forget that they're essentially always running, whereas once I exit a desktop app it's presumably gone Desktop apps can trivially just not show a window if they want to. They can trivially add themselves to autostart. It depends entirely on what they're doing, just like an extension. |