A lot of Google Chrome extensions have the permission to read my data on websites that I visit. To avoid password theft I therefore picked my Google Chrome extensions very carefully.
Now I need to use a Google Chrome extension, that seems reputable, but I don't trust it 100 percent.
I plan to install this extension, use it for a few hours and then uninstall it again. Will this extension be able to access the passwords/data of websites that I visited before I installed the extension? Or will it be only able to access information about websites that I visit after I installed it?
My plan b is install the extension in a virtual machine or an old laptop instead.
Best Answer
The extension may or maynot be able to collect your previously saved password depending on your usage scenario. I am assuming your extension asks permission "Read and change data on all websites you visit".
Say, You have saved login credential for ebay.com. Now if you goto ebay login page, chrome automatically fills the credential.
Now as the extension can read all element on all web page, it can extract the password field value. eg: In the following screenshot, it is shown, how just a one line code can extract the information.
So, your best bet would be, not opening any website for which you saved login credentials and not logging into any website while the extension is installed because the extension can steal the password as you type the password.
Otherwise, the extension itself can never steal your password because chrome try to encrypt your saved passwords and save it on your computer. To know how chrome saves your password, read here.