[Barrin92]

>actors and that this is a huge security risk when the extensions request "all access to all sites."

sure but that's my choice, that's why it's an extension. Paternalism of telling me what to do with my browser is silly merely because something is potentially dangerous. The entire internet is potentially dangerous. Clicking on a link or installing a piece of software is dangerous.

You're an adult, make responsible choices about whose extension to install instead of demanding that Google strangle you with security policies which at the end of the day serves only one purpose which is to extend their control over the user experience.

[invisible]

These are a bunch of straw man arguments against what I said. There is a difference between clicking a link and an extension being able to read the contents of pages you visit -- like your bank records or credentials.

Some of these "choices" aren't actually _made_ by anyone. Even with trust of an author, if remote code is being used and a domain or server is hijacked, then the remote code could be replaced. It's a lose-lose problem for Google and not addressing this problem means worse security for casual users. The boogeyman that they will remove useful extensions is antithetical to their behavior so far.

[Barrin92]

if (casual) users is what Google was concerned about that'd be easy to solve. They could ship a full ad-blocker with Chrome that renders third party extensions obsolete and there'd likely be no v3 debate, because those are the extensions primarily impacted by the design choices made.

The entire debate we're having rests on the fact that they're not integrating this functionality (despite this being technically trivial) because it's in conflict with their entire business model. Which is the only reason people have to reach for third party extensions in the first place.