Apparently, Google just changed their Web Store policy to forbid misleading marketing. Let's report this then...
And reported to Mozilla as well: https://bugzilla.mozilla.org/show_bug.cgi?id=1557258
Looking more into this, I'm confused. Either I am missing something or Mozilla's Andreas Wagner jumped the shark claiming remote code execution here. These extensions certainly have a bunch of security issues, but code execution cannot be triggered by extension developers.
A Mastodon instance for info/cyber security-minded people.