Use an out of band password manager, whose key is never transmitted over a network. Or a notebook that is physically secured. There are a number of solutions for password vaults, and you can use a variety of means to synchronize them if needed.
The notion that it's a good idea to trust a browser extension for secrets management is pretty bizarre to me if you're protecting high value assets.
As always, it depends on your threat assessment and what is practically possible. For the vast majority of users, using a password manager browser extension [1] is a large improvement over password re-use over dozens of sites. Most folks will also not want to put in the effort to use an out-of-band password manager.
(Not directed at you personally, but I often hear such comments from people who are then perfectly fine to use a password manager in X11, where in a the default configuration every application can read your keystrokes, screen grabs, clipboard, etc.)
[1] Preferably one that communicates with an out-of-process password manager over an authenticated channel like 1Password.
The notion that it's a good idea to trust a browser extension for secrets management is pretty bizarre to me if you're protecting high value assets.