To get every password, you’d have to exploit the password manager process itself. The manager asks you to approve every single password it hands out and you would know something is wrong if the extension starts asking for lots of passwords.

The separation keeps the memory where the passwords are stored away from the browser. No malicious code executing inside the browser can access it. Also, the protocol between the extension and the manager can be really simple and (hopefully) easy to get right without making exploitable mistakes.

It’s the Swiss cheese principle. The attacker has to break out of the website sandbox, get into the extension to copy the secret keys that are needed to impersonate the extension in the connection to the password manager, and exploit the password manager through that connection in order to get to the passwords. If any step fails (the holes in the cheese slices don’t align), the attack doesn’t get through.

At least you’re limiting exposure with managers like KeePassXC. The manager runs in a separate process and communicates with the extension via a local connection. You have to approve every password given out by the manager. So a malicious actor can’t just ask for every password under the sun. They could still read the contents of the password field once the extension has filled it if they manage to circumvent the restrictions set by the browser. But that’s no different from when you enter the password manually.

Rocket.Chat is a Slack-like environment under MIT license with apps for iOS and Android

I’m surprised something like that hasn’t already happened.

But even when they do, I feel that, after rejecting, I get the same banner again the next time I visit the site. I bet that doesn’t happen when you accept tracking.