If an extension lets anyone inject CSS into Google websites, how bad could this get? This isn’t XSS but still pretty bad. From displaying scams on trusted websites to exfiltrating data: lots of possibilities.
Very nice reporting experience for a change.
A Mastodon instance for info/cyber security-minded people.