27 of a 100 tested Google Chrome extensions have been found vulnerable to data (passwords, history, etc.) extraction attacks though specially crafted malicious websites or by attackers on public WiFi networks.
[…]
But, there’s also good news: 49 of the 51 vulnerabilities found can be patched by simply adapting the extensions to use one of two offered Content Security Policies (CSP).
Read more on Help Net Security.