We put so much important information/data through browsers (and smart phones for that matter), and it is becoming hard to trust third party code running on either. Trust in the publisher has become mandatory for me and the only browser plugin I run now is Bitwarden. Neither the app store operators nor the browser publishers seem to have an answer for reliably thwarting malicious actors. I don’t know what the answer is, other than developing literacy in writing browser plugins and adding functionality through my own code.