There are many extensions for Gmail, some of them loads code which compromises your email security. Gmail on the desktop is becoming more secure with support for Content Security Policy (CSP) to prevent cross-site scripting attacks and malevolent browser plug-ins from stealing your data.
Google notes that most popular extensions for Gmail have already been updated and should work as usual. In case it doesn’t, Google recommends updating to the latest version.
Chrome, Firefox and Safari currently support CSP. Microsoft’s Internet Explorer only has limited support.
Source: Official Gmail Blog