Like another user mentioned because of this I only trust a few key extensions(and like that user uBlock, Bitwarden, etc) with this sorta access.
I'd be very wary of those scrapy screen/session recording startups if for no other reason than they could be particularly vulnerable to supply chain attacks.
Not only is it theoretically as bad as it sounds, its as bad as it sounds in reality as well. Most of the top extensions get sold to ad companies and silently start sucking up all of your browsing data to sell on. Some of them start injecting their own adverts and tracker scripts on to pages, some of them are outright stealing your credentials.
And you realistically have no way to sort the good from the bad. Especially when the good silently get sold to the bad and automatically updated.
Yeah I always go to the source/project URL in the chrome store and IDEALLY it's a github repo with a bunch of contribs but I'm sure I've played loose with a few that had no other options.
I just had one big extension I use get bought by someone last week when it updated. I gotta dig through that now.. I used to hide that extension update popup screen but now I'm glad I didn't.
Like another user mentioned because of this I only trust a few key extensions(and like that user uBlock, Bitwarden, etc) with this sorta access.
I'd be very wary of those scrapy screen/session recording startups if for no other reason than they could be particularly vulnerable to supply chain attacks.