“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a ‘clickjacking’ technique to execute privileged code within the browser extension,” the company behind Keeper password manager explained.
In other words, more or less what everyone does when navigating on the Internet.
It is a strange world where (sometimes) security researcher tag as critical vulnerability something that has (roughly) no chance whatsoever to happen, ever, and where (always) affected software companies attempt to minimize the (huge) risk by making what nearly every user connected to the internet does on a daily bases as the casual concurrence of a number of extremely rare events.
Besides the issue with the specific thingy, what is preoccupying, as you stated, is the MS guys adding (CR)Apps to the OS, and even more than that, even those that once were considered the "good guys" are doing the same , everyone is trying to downplay it, but the recent Firefox mishap is (at least to me) terrifying:
https://drewdevault....pery-slope.html
Wonko