Well, you probably couldn't find any confirmation because nothing in the security world is completely impossible :) Webpages aren't supposed to be able to receive input events when the extension popup is open, but there could still be an unknown vulnerability in Chrome/Firefox.

So if you care enough it's best to mitigate that risk by using the standalone application for your password manager, or better yet use a completely separate device like your phone!