ZDNet: Websites can steal browser data via extensions APIs

ZDNet: Websites can steal browser data via extensions APIs. “Malicious websites can exploit browser extension APIs to execute code inside the browser and steal sensitive information such as bookmarks, browsing history, and even user cookies.The latter, an attacker can use to hijack a user’s active login sessions and access sensitive accounts, such as email inboxes, social media profiles, or work-related accounts.”