Personal auditing doesn't really solve the problem because extensions update automatically, and there are numerous cases of the authors of popular extensions being approached to sell out their userbase in exchange for cash, providing a motive for formerly-audited extensions to go bad. Here are some basic tips for defending yourself:
1. Minimize the number of extensions you use to the bare essentials. If you can live without it, uninstall it. If you rarely use it, uninstall it.
2. Prefer extensions from well-known organizations rather than unknown individuals. Example: there are plenty of extensions that force HTTP requests to HTTPS when possible, but I exclusively use the one from the EFF. Organizations have less to gain and more to lose from breaching the trust of their users in this way.
3. Prefer extensions that multiple software developers have recommended personally. This won't itself protect you from malware, but it does increase the likelihood that emergent malware will be discovered promptly and loudly publicized.
4. If you absolutely need an extension and none of the above apply, download the source code of the extension yourself and manually load it into your browser, to keep it from being automatically updated. (Part of me is wary to recommend this, as software that never gets updated is historically prone to being exploited by lingering unpatched flaws, but I'm having a hard time coming up with an attack vector of this sort for browser extensions.)