Pretty much impossible, especially with so many eyes on the project. It is possible to intentionally introduce vulnerabilities into open source code and use that as a backdoor but for projects like tor keeping that hidden for long periods of time is incredibly difficult due to the number of people independently auditing the code.

Not sure who’s down voting you, its quite a valid option that, unlike google, is actually innovating in interesting ways.

Ublock origin and Facebook Container are a good start. I would recommend having a look through the most upvoted posts of this sub as well.