Seemingly harmless Chrome extensions aimed at improving browser privacy and analytics could be inadvertently leaking API keys, secrets, and other sensitive machine information.
According to a Symantec research, several widely used Chrome extensions, including DualSafe Password Manager and Avast Online Security & Privacy extension, are exposing information either through insecure HTTP transmission or hardcoded leaks.