Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands. It makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or actively maintained by developers. Google tries to communicate the potential risk of extensions using three alert levels: Low, medium and high.”]
Source: https://krebsonsecurity.com/2018/09/browser-extensions-are-they-worth-the-risk/