Chrome extensions with 10M+ devices are actively vulnerable to UXSS and UXSG (opens in new tab)

Alarming. Same origin policy not strong enough. I suppose a lot of extensions may be similarly vulnerable.