Quite the contrary, actually: not using a browser extension makes you much more susceptible to phishing attacks, since your password manager won't be able to protect you from copy-pasting credentials into an imposter website.

Well we're in a thread about the CLI being compromised. I've never heard of a sandboxed browser extension being compromised.