Secondary data encryption via browser extension

What is claimed is: 1. A computing device configured to protect sensitive data even when Transport Layer Security (TLS) communication sessions are compromised, the computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing device to: send, via a web browser plugin of a web browser application executing on the computing device and to one or more remote servers, a request for a server secret that comprises: a device fingerprint of the computing device, and an identification of the web browser plugin; receive, from the one or more remote servers and in response to the request for the server secret: the server secret, and a public certificate associated with the remote server; establish, via the web browser application, a TLS session with the one or more remote servers; generate a session key based on: the server secret, the public certificate, the device fingerprint of the computing device, the identification of the web browser plugin, a unique identifier of a user of the computing device, and a nonce string; receive, from the remote server and via the TLS session, data comprising unencrypted data and encrypted data; and decrypt the encrypted data based on the session key. 2. The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: determine the nonce string on a periodic basis. 3. The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate, via the web browser plugin, a first public-private key pair; sign, using a first public-private key pair, the server secret and the public certificate; and store the signed server secret and the signed public certificate. 4. The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: store the session key in temporary storage associated with the web browser plugin, wherein the temporary storage is configured to be deleted based on one or more of: closing of the web browser application; or expiration of a period of time. 5. The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate the device fingerprint of the computing device by executing, in the web browser, code received from the one or more remote servers. 6. The computing device of claim 1 , wherein the instructions, when executed by the one or more processors, cause the computing device to: send, to the remote server, a request for sensitive data, wherein the encrypted data comprises the sensitive data. 7. The computing device of claim 1 , wherein the device fingerprint identifies one or more of: hardware components of the computing device, or a name of a network used by the computing device. 8. A method for protecting sensitive data even when Transport Layer Security (TLS) communication sessions are compromised, the method comprising: sending, by a computing device, via a web browser plugin of a web browser application executing on the computing device, and to one or more remote servers, a request for a server secret that comprises: a device fingerprint of the computing device, and an identification of the web browser plugin; receiving, by the computing device, from the one or more remote servers, and in response to the request for the server secret: the server secret, and a public certificate associated with the remote server; establishing, via the web browser application, a TLS session with the one or more remote servers; generating, by the computing device, a session key based on: the server secret, the public certificate, the device fingerprint of the computing device, the identification of the web browser plugin, a unique identifier of a user of the computing device, and a nonce string; receiving, by the computing device, from the remote server, and via the TLS session, data comprising unencrypted data and encrypted data; and decrypting, by the computing device, the encrypted data based on the session key. 9. The method of claim 8 , further comprising: determining the nonce string on a periodic basis. 10. The method of claim 8 , further comprising: generating, via the web browser plugin, a first public-private key pair; signing, using a first public-private key pair, the server secret and the public certificate; and storing the signed server secret and the signed public certificate. 11. The method of claim 8 , further comprising: storing the session key in temporary storage associated with the web browser plugin, wherein the temporary storage is configured to be deleted based on one or more of: closing of the web browser application; or expiration of a period of time. 12. The method of claim 8 , further comprising: generating the device fingerprint of the computing device by executing, in the web browser, code received from the one or more remote servers. 13. The method of claim 8 , further comprising: sending, to the remote server, a request for sensitive data, wherein the encrypted data comprises the sensitive data. 14. The method of claim 8 , wherein the device fingerprint identifies one or more of: hardware components of the computing device, or a name of a network used by the computing device. 15. One or more non-transitory computer-readable media storing instructions configured to protect sensitive data even when Transport Layer Security (TLS) communication sessions are compromised, wherein the instructions, when executed by one or more processors of a computing device, cause the computing device to: send, via a web browser plugin of a web browser application executing on the computing device and to one or more remote servers, a request for a server secret that comprises: a device fingerprint of the computing device, and an identification of the web browser plugin; receive, from the one or more remote servers and in response to the request for the server secret: the server secret, and a public certificate associated with the remote server; establish, via the web browser application, a TLS session with the one or more remote servers; generate a session key based on: the server secret, the public certificate, the device fingerprint of the computing device, the identification of the web browser plugin, a unique identifier of a user of the computing device, and a nonce string; receive, from the remote server and via the TLS session, data comprising unencrypted data and encrypted data; and decrypt the encrypted data based on the session key. 16. The non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: determine the nonce string on a periodic basis. 17. The non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: generate, via the web browser plugin, a first public-private key pair; sign, using a first public-private key pair, the server secret and the public certificate; and store the signed server secret and the signed public certificate. 18. The non-transitory computer-readable media of claim 15 , wherein the instructions, when executed by the one or more processors, cause the computing device to: