Rishi Iyengar:

The report, from cybersecurity firm Awake Security, found at least 111 "malicious or fake" Chrome extensions capable of taking screenshots, stealing login credentials and capturing passwords as users typed them.

I was surprised to see that this surveillance campaign wasn’t being carried out by Google itself.