How can an extension change hands with no oversight?

More fun than it should be, honestly.

Reddit users seem to have identified the problem.

Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update.

Google has confirmed an emergency Chrome security update amid reports that attackers are exploiting two zero-day vulnerabilities.