Remember that spell-checking browser extension that asked for permission to read and analyze everything you type? Cybersecurity experts warn that there’s a good chance that some extensions are abusing your permission to steal the passwords you enter in your web browser.

To help users assess the dangers of web extensions, digital security firm Talon analyzed the Chrome Web Store and found that tens of thousands of extensions have access to worrying permissions, such as the ability to change data on all visited sites, download files, access download activity, and more.

“Many popular extensions put users at risk,” Talon Cyber Security co-founder and CTO Ohad Bobrov explained to Lifewire via email. “[Even] benign extensions can have vulnerabilities in their code or supply chain and may be susceptible to takeover by malicious actors.”

Talon claims that extensions provide great value to their users and bring a variety of useful features to web browsers, such as ad blocking, spell checking, password management, and more. However, in order to provide these functionalities, extensions require broad permissions to modify the browser, its behavior, and the websites visited.