"There is no CVE issue here because extensions are opt-in, and what they can do is disclosed to the users choosing to install them,"
That depends the honesty of whoever writes the description and the freedom from bugs of what's being described.
"There is no CVE issue here because extensions are opt-in, and what they can do is disclosed to the users choosing to install them,"
That depends the honesty of whoever writes the description and the freedom from bugs of what's being described.