Polymorphic Extensions Can Steal Your Crypto and Passwords
Once installed, it can disable existing extension and impersonate it to steal your data. This is allowed by Chrome permissions. A legitimate extension can be bought and updated to perform this attack.
Making extensions only available "On Click", checking and managing permissions along with browser isolation can help to mitigate this risk to a significant extent. It is best to minimize usage of Extensions. Brave wallet is likely safe (I'm not an expert).