The new owner added a C2 server, stripped important security headers from all pages, and used a 1x1 invisible pixel's onload handler to execute remote JavaScript in pages. The actual malicious code never appears in the extension's source files, but the code update was worrying
