This blog is really long, but i believe other member at least should watch 2 videos under text "Victim's view (opacity:0) " and "Semi-transparent (opacity:0.5)". After seeing it, i expect even security conscious could fall into this vulnerability.
Research on only 11 password managers
others DOM-manipulating extensions will be vulnerable (password managers, crypto wallets, notes etc. )
This part of the blog is also important and people should consider use more than 1 browser or 1 browser profile to separate their activity.