gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload,which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications , see information from the extensions , or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extension ...