Perhaps unrelated to the topic but my standard PSA is "Browser Extensions see ALL your webpages in cleartext. as a general rule dont install extensions unless you absolutely have to and only those that you really trust".
You can now whitelist extensions to only run on specific domains. There are a lot more changes coming in v3 of the extension API, you can see the (strong) reaction to the changes in the chrome extension forums.
