SlowMist stated that encrypted users need to be vigilant as browser extension plugins may be sold to malicious actors without their knowledge. Malicious actors can easily purchase a Chrome extension and hijack existing users' browsing traffic, redirecting it to wherever they want. No alerts, no prompts. Unless new permissions are needed, no abnormalities will be noticed. In @tuckner's investigation, it was found that an extension with 400,000 users had changed owners, so stay alert.