@varjolintu I understand there are some access controls, but they can be buggy. A bug in the browser extension IPC access control could reveal your entire database to your browser.
If you don't have the means to query the database from other processes the entire attack vector goes away.
i.e. keepassxc-light or whatnot could only ever have critical CVEs if it messed up the database encryption.