Most modern browsers already include a baseline of decent security against common kinds of attacks or security risks by default. You obviously still have to do your part to not visit unknown links/sites, double-check the URL and site every time your are asked to enter credentials, etc.
There are many browser extensions that claim to help with privacy, ads, or security, but I try to be very cautious about the ones which I install. Reducing your attack surface by having fewer extensions, and only ones from sources you can reasonably trust, are good steps. Also, monitor the news or vendor websites for updates to your browser and any extensions you have - if you learn of any vulnerabilities disclosed, stop using them immediately until they are patched, and double-check your versions are current.
Some extensions that I use and therefore advocate:
- LastPass: Yes, it recently had a vulnerability disclosed where it could leak (ironically) the "last password" it filled in, but that has been patched in the latest version already. Compare this to the advantage of having unique passwords for every site, which allows you to compartmentalize any potential leaks from either your own browser or third-parties, and that is still a benefit in my mind. Turn on two-factor authentication for your LastPass account (and every other account that allows you that option)!
- HTTPS Everywhere: This extension with its "Encrypt All Sites Eligible" mode helps to ensure that you are only ever requesting to use a secured connection wherever you go, and blocks you from using unencrypted connections. Some sites (or short links) still don't have HTTPS versions for whatever reason (no good reasons I can think of, it's easy to implement), and even if they are just a blog or news or something, I just don't visit them anymore.
- Privacy Badger: Published by the EFF, which is the leading non-profit advocate for online privacy, this extension attempts to block trackers which do not conform to their ideals of user consent, while also trying to avoid breaking trackers which are less invasive.