What's frustrating (and clearly anti-competitive) is that Google thinks this is a problem enough to justify this, but refuses to ban browser extensions that utilize permissions broad enough to allow them to do this in Chrome directly. Browser extensions can generally collect everything on web sites and that you enter into websites, and has access after all TLS decryption has occurred.

For the most part, if a browser's extension store isn't in order, everything else they claim to do to secure web traffic is kinda a joke.