No, an extension that has good reason to inject a script into every webpage can, with the same permissions, exfiltrate user data under a new owner. Almost all extensions thus users are vulnerable to this. There is no higher priv the script needs to ask for.
