Please see the post I left on the other thread you made on this topic:
Discuss - Looking for malicious chrome extensions (ad injecting) analysis
I recommend you investigate browser extensions being marketed as providing security (malware protection, anti-tracking, etc.) and go through specific categories looking at lesser-known extensions. Sometimes, there may be a malicious extension with thousands and thousands of users (we've seen it several times in the lab during 2017 and 2018).
You may be drawn into some extensions which require unusual permissions as well depending on what the extension is being marketed as. For example, a browser extension for shortening links manually entered in is not going to need access to control the web-page content or arbitrary sensitive information (e.g. history and bookmarks). You could be drawn in because of an unusual author name, product name, or fishy fake-looking reviews. It's the little things that tend to stand out the most but only to a trained eye, novices will still fall for pathetic tricks.