[codedokode]

In Chrome content scripts (the ones that are injected into a page from an extension) run in some kind of isolated mode: https://developer.chrome.com/extensions/content_scripts

Yet they have some privileges a normal script doesn't have, for example the ability to post messages to parent extension which can be exploited.

[AgentME]

They still see the same content in the DOM. The extension just has a separate javascript-wrapper around the DOM. This means that an extension will not be affected if a webpage monkey-patches a DOM method to do something else. But if a webpage places some specific text content inside an HTML element, then the extension will see that same text content! (And Angular running in the extension can still choose to recognize that content as a template and eval it.)