Security conscious users keep their operating system and other software up to date, but a huge risk is often overlooked: the underground trade of malicious browser extensions that people install themselves.
Extensions are in such as prime position for hackers because, depending on the purpose of the extension, they may have special permissions to access information inside the web browser. These can range from the data on all the websites you visit, which lets the extension potentially read, request, or modify data on anything, from your online banking site to Facebook. Others may request access to your browsing history, your clipboard, or bookmarks. The security of the particular browser may be great—it is getting more and more expensive for someone to remotely hack Chrome, for example—but that protection can be undermined if a malicious extension is just sitting inside the browser.
Full article: The Hack Millions of People Are Installing Themselves – Motherboard