Chrome extension is insecure. It allows developers to collect login information from any website without user’s knowledge.
When a chrome extension is installed, It is on for your browser in every session if there is no background script or page.
From there on click of submit button making an ajax call to your server to store the page URL, username and Password is like cake walk.
Give your thoughts.