Re: They go after the older weaker members of the herd
Straw man - the "Linux plug" was in response to a comment relating to the installation of native software:
> Had a shock a couple of days ago, building up software on a new PC. Moving through the list of stuff on the old one, came to BitTorrent, and installed the latest.
Irrespective of operating system, browser or other specific technology choices though, the fundamental issue is one of untrusted code execution; specifically, _who_ do we trust? Can I trust my hardware (particularly the firmware) at all? If so, then do I trust the operating system - even if it was pre-installed by the vendor (think Android) together with a bunch of arbitrary software of their choice? How about when I choose some ${package} for the software I'm developing as a convenience utility?
The reality is that at some point you have to trust your supplier. I don't claim to have a good answer for the core problems, though I do like the kubeos ideas. Given that I'm a reasonably experienced "IT professional" without a watertight solution, and in the context of the article, is it truly reasonable to expect "average users" to be able to make an informed decision about what they install from an apparently-supplier-sanctioned source (the Chrome web store)?
If the answer is "No, an average user cannot be expected to make an informed choice" then there is a consequential burden on the supplier to do so on their behalf. Apparently, in this case, they have fallen short because the black-hats have found a loophole in the decision-making process and are ahead for a while. Unfortunately, Google appear to have chosen the Boeing strategy of denying this and working to close the hole.