[londons_explore]

"what percentage of grandmas would lose their life savings if they stumble across this bug" is the metric I use to determine severity.

And in this case, it requires a chain of unlikely events. The user tricked into installing an extension (probably not one from the store, which is now particularly hard on windows). The user tricked into opening devtools.

It's gonna be sub-1%. Certainly still worth fixing, but nowhere near as bad as a universal XSS bug.

[gardenmud]

Not only that, but it doesn't work on Google Chrome releases, only the (upstream) Chromium, and Google Chrome canary. Very few people use raw Chromium all by its lonesome and I would guess only for testing/development, not downloading random extensions.

[TRiG_Ireland]

I use Chromium, because I'm on Ubuntu. (Admittedly, I don't use it very often. I tend to be loyal to Firefox most of the time.)