[keysersoze33]

Sadly the blogpost fails to mention which browser extension was the macilious one that compromised his session tokens.

While quite technical users (a la. this community and devs in general) would be able to inspect the source code of browser extensions to do an audit, most of us don't have time for this, and we just have to rely on the browser add-on number of downloads & reviews as a poor indicator.

It would be really useful to know how this particular extension was rated

[ahmetomer]

Hi, OP here:

Unfortunately, with a brisk urge to clean it all up, I hadn't paid attention to which extension it was that got my browser compromised; I had immediately removed all extensions, cleared browser data, stopped the sync, and uninstalled it altogether (for fear of getting further compromised).

What I can say is that I have tried a number of extensions for the purpose of making a website in dark theme, for ease of reading, which weren't as popular (in terms of rating & installs), and highly likely that those were malware.

That being said, I now hesitate to even install extensions that are selected by the Google Chrome editor team. I vibe-coded a simple extension myself to use as a "dark reader", and will probably avoid installing anything anymore. I got my fair share of damage.

[wt__]

Firstly, I really liked the way you wrote your blog post.

FWIW, I experimented with dark theme extensions (paid and free) and gave up on them after a while: it just all felt a bit too clunky and unreliable, the flashes of unstyled pages were annoying too.

I've now standardised (this is in Firefox) on a combination of:

- Reader mode

- a very simple extension that allows per-domain custom CSS…

- …and another that lets you disable Javascript completely per site (which adds a bit of security, generally improves the experience, including the side effect of removing cookie popups.)

[omnifischer]

Totally. This would have been vital.