by therein
614 days ago
It breaks the assumption that Chrome is sandboxed and that something I do as a user, including installing an extension, will not have an impact outside of Chrome. A new process outside Chrome to call your own and do whatever you want with. You're on Windows? Download a binary, create some WMI triggers and get executed at every boot as the same user (requires no elevation for the same user; if Admin, you can get NT_AUTHORITY). If you find something to elevate to Administrator you could also patch the beginning of some rarely used syscall and then invoke it and get a thread to yourself in the kernel. These things tend to almost chain themselves sometimes. At least on Windows it feels that way. Also, the user doesn't have to navigate to a specific URL in the final form, just needs to open devtools after installing the extension.