I like how the recommended remediation to this malicious extension is to install an extension for monitoring extensions.
Serious question though: is "can connect to network" a permission on Chrome apps? What about Mozilla? It seems like this, more than anything, is what needs to be locked down for all apps (beyond just browser extensions). Like on my MacBook for example, I have to give apps explicit permission to access folders like Documents. But I'm pretty sure they can all access the Internet without restriction, right? That seems crazy to me.