the first time other users accessed the tampered Passbolt page all the passwords they have would be shared to the attacker
No, actually the attacker would need to actively trick users into sharing the passwords with the attacker. They cannot access the user passwords just by running/sending corrupted PHP or JS code; it requires a user action to share the password with the attacker. This will be fixed using signatures, e.g. the client will verify that the list of the users in a group is signed by the group manager.
Another attack vector is the Mozilla or Google Chrome extension service. An attacker with access to the service could serve a malicious extension version that sends the data back to the attacker. It would still require user input to decrypt the passwords prior to sending them. We do not consider this a likely scenario (as extensions are signed with a key only owned by passbolt). If this is part of your threat model, you can compile and serve the web extension to your users yourself (but you’ll miss out on the automated updates, unless you build that one too).
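
The signed group list mentioned in the reply above, sketched as an added example (not part of the reply and not passbolt code): the client accepts a server-supplied member list only if it verifies against a group manager key the client already holds. Ed25519 from Node's `crypto` stands in for the unspecified signature scheme, all names and sample values are hypothetical, and the version check against replay of an older signed list goes beyond what the reply describes.

```javascript
const crypto = require('node:crypto');

// Canonical bytes for a membership list. Members are sorted so that
// reordering by the server cannot change what was signed.
function canonicalMembership(groupId, version, members) {
  return Buffer.from(JSON.stringify({ groupId, version, members: [...members].sort() }));
}

// Group manager side (assumed workflow): sign the current list.
function signMembership(managerPrivateKey, groupId, version, members) {
  return crypto.sign(null, canonicalMembership(groupId, version, members), managerPrivateKey);
}

// Client side: return the recipients to encrypt to, or throw.
// pinnedManagerKey is a key the client obtained earlier, not from this response.
function verifiedRecipients(pinnedManagerKey, response, lastSeenVersion = 0) {
  const { groupId, version, members, signature } = response;
  const data = canonicalMembership(groupId, version, members);
  if (!crypto.verify(null, data, pinnedManagerKey, signature)) {
    throw new Error(`membership list for ${groupId} is not signed by its manager`);
  }
  if (version < lastSeenVersion) {
    throw new Error(`membership list for ${groupId} is older than one already seen`);
  }
  return [...members].sort();
}

// Constructed sample data.
const manager = crypto.generateKeyPairSync('ed25519');
function signedList(version, members) {
  const signature = signMembership(manager.privateKey, 'ops', version, members);
  return { groupId: 'ops', version, members, signature };
}
const current = signedList(3, ['bob', 'alice']);
const older = signedList(2, ['alice', 'bob', 'carol']);
// A list altered after signing: extra member, original signature reused.
const altered = { ...current, members: [...current.members, 'mallory'] };

function rejects(response, lastSeenVersion) {
  try { verifiedRecipients(manager.publicKey, response, lastSeenVersion); return false; }
  catch { return true; }
}

function demo() {
  return {
    accepted: verifiedRecipients(manager.publicKey, current, 3),
    alteredRejected: rejects(altered, 3),
    olderRejected: rejects(older, 3),
  };
}
```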