Google Bug Tracker link [link fixed on 2018-08-23] This issue was resolved in version 98.0.4758.80 or later. In all Chromium releases prior to version 98.0.4758.80, extensions were not properly handled when they were installed via HTML. Malicious web sites could easily cause users to install extensions with code that could exploit these issues.
What do we mean by “extensions aren’t installed securely”?
When a user installs an extension via HTML, they often don't have the same level of control over it. For example, if a user installs an extension that contains malicious code, they can have it silently run in the background and steal their information or install adware or malware on their system. In fact, some software may even be spying on what you're doing.
Google released a fix for this issue that protects against these types of issues by requiring passwords for extensions that are installed this way.
Overview of the Security Vulnerability
Security Risk: Potential Code Execution
The issue was fixed in version 98.0.4758.80 or later of the Chromium browser.
What to do if you are currently using an extension with code execution bug
If your extension is affected by this bug, you do not need to take any action.
Scoping issue: Extensions not loaded properly
Extensions were not loaded properly in Chromium prior to version 98.0.4758.80. This could allow malicious web sites to easily exploit this issue by installing extensions that would be able to collect data from the user's browser and send them back to the malicious site.