Or that extensions can still inject javascript, observe and log requests, exfiltrate data? I mean the api docs will tell you that. Extensions can do all that because they couldn't do a whole lot without those capabilities...normally used for legit purposes, but the apis can't really glean intent.
See things like onBeforeRequest for observe. Injecting javascript is called a "content script" in chrome extension terms. Exfiltrating data could be done in many ways, given that you can inject a "content script".
Or that extensions can still inject javascript, observe and log requests, exfiltrate data? I mean the api docs will tell you that. Extensions can do all that because they couldn't do a whole lot without those capabilities...normally used for legit purposes, but the apis can't really glean intent.
See things like onBeforeRequest for observe. Injecting javascript is called a "content script" in chrome extension terms. Exfiltrating data could be done in many ways, given that you can inject a "content script".