As it turned out, attackers can, through the API of some extensions, attack browser users: launch arbitrary code, get cookies, bookmarks and browsing history, install other extensions, save / retrieve files, and so on. In Opera, there are 10 vulnerable extensions, Firefox - 16, and in Chrome - 171.
The most reliable way to protect yourself is to remove the vulnerable extension. The Opera team has already removed 8 of the 10 vulnerable applications, Firefox has deleted all 16, and Chrome does not know how to act yet: delete almost 200 extensions or ensure that the developers will fix them. So Chrome users at first will have to attend to their own security.