[username90]

Google did tolerate exactly the same kind of behavior from the internal OS distribution team before, you could argue that security is even more important there than in a browser plugin.

[qaq]

I am not a Googler but I reiterate I know exactly 0 CSOs that would tolerate this. You providing an example outside of security team kindah reinforces my point.

[username90]

The internal OS distribution team is a security team. They ensure that the OS everyone at Google works on and run their code on is secure.

[qaq]

They report to CSO ? Would be pretty unusual again not a googler but normally that would not be part of security team

[username90]

Google has a lot of security teams since they do all of their infra themselves. The people who push security patches to peoples OS's is a security team, and they used that channel to push a message similar to this.