Hacker News

It's fascinating how "preventing web extensions from having full access to everything on every site you visit when there is a repeated history of extensions being bought by companies that turn them into spyware data miners" gets turned into "blocking ad blockers".


Because there were other ways to handle the ad blocker situation. For example, allowing the users to grant access to an extension.

The hard protocol ban is heavy handed.


Users don't read dialogs. They just click yes so they can get to their shiny talking purple gorilla. This also doesn't address the threat model: a good extension that users trust and give these rights to, which is bought out and changed to do malicious things.


> Users don't read dialogs.

Not all do, some do. And it only takes a few to spot something fishy and start reporting problems.

> This also doesn't address the threat model

It actually does, because few extensions need broad permissions. The threat is significantly reduced if, when the required permissions go up, a new dialog pops up that encourages the few users who read the thing to ask "Hey, why is this asking for so many more permissions?"

This model works. It works so well that the security model of pretty much every app store is exactly the same. The risks are also identical.


If the only options are "full access to everything" or "no access at all" then users are going to pick the former every time, because there's no alternative. And worse, they'll get used to extensions requiring "full access to everything" and become more likely to approve that permission even for malicious extensions. That's essentially the situation for lots of extensions prior to manifest v3 (and arguably post-v3 too, but it's a step in the right direction).

Fine-grained permissions are a good thing, even though they do unfortunately make things more challenging for developers.
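The two points raised above (a re-prompt when an update asks for more than the user already granted, and keeping host access fine-grained and optional rather than "everything or nothing") can be made concrete. The following is an added example, not code from this thread or from any browser vendor: a small checker that diffs two Manifest V3 manifest.json objects and reports any increase in *required* permissions, i.e. the case where the browser has to re-prompt or disable the extension until the user re-approves. Optional host permissions are deliberately ignored, since those are only granted when the extension calls `chrome.permissions.request()` and the user accepts at that moment. The match-pattern handling follows the `<scheme>://<host><path>` grammar Chrome documents for host permissions; the two manifests are constructed samples, not taken from any real extension, and the path comparison is a simplification noted in the code.

```javascript
// Added example (not from the thread): compare a "before" and "after"
// extension manifest and flag any increase in required permissions.
// Both manifests below are constructed samples.

const MANIFEST_BEFORE = {
  manifest_version: 3,
  permissions: ["storage", "declarativeNetRequest"],
  host_permissions: ["https://example.com/*"],
  // Optional hosts are granted only when the extension calls
  // chrome.permissions.request() and the user accepts; they are
  // not a silent increase on update, so the checker ignores them.
  optional_host_permissions: ["https://*.example.org/*"],
};

const MANIFEST_AFTER = {
  manifest_version: 3,
  permissions: ["storage", "declarativeNetRequest", "webRequest", "cookies"],
  host_permissions: ["<all_urls>"],
};

// Parse "<scheme>://<host><path>". "<all_urls>" is a special token that
// covers every supported scheme and host.
function parsePattern(p) {
  if (p === "<all_urls>") return { all: true, scheme: "*", host: "*", path: "/*" };
  const m = /^(\*|https?|wss?|ftp):\/\/(\*|\*\.[^/*]+|[^/*]+)(\/.*)$/.exec(p);
  if (!m) throw new Error(`unsupported match pattern: ${p}`);
  return { all: false, scheme: m[1], host: m[2], path: m[3] };
}

// Does host pattern a cover every host matched by host pattern b?
// "*.example.org" matches example.org and all of its subdomains.
function hostCovers(a, b) {
  if (a === "*") return true;
  if (a.startsWith("*.")) {
    const suffix = a.slice(2);
    const bare = b.startsWith("*.") ? b.slice(2) : b;
    return bare === suffix || bare.endsWith("." + suffix);
  }
  return a === b; // an exact host never covers a wildcard or another host
}

// Simplification: "/*" covers any path; otherwise paths must be identical.
// Full glob-vs-glob subsumption is not needed for a warning-level check.
function pathCovers(a, b) {
  return a === "/*" || a === b;
}

// Does an already granted pattern a subsume a newly requested pattern b?
// A scheme of "*" matches only http and https.
function covers(a, b) {
  const pa = parsePattern(a);
  const pb = parsePattern(b);
  if (pa.all) return true;
  if (pb.all) return false;
  const schemeOk =
    pa.scheme === pb.scheme || (pa.scheme === "*" && /^https?$/.test(pb.scheme));
  return schemeOk && hostCovers(pa.host, pb.host) && pathCovers(pa.path, pb.path);
}

// Compare required permissions only. Returns the API permissions and the
// host patterns the update adds that nothing already granted covers.
function permissionIncrease(before, after) {
  const oldApis = new Set(before.permissions ?? []);
  const addedApis = (after.permissions ?? []).filter((p) => !oldApis.has(p));
  const oldHosts = before.host_permissions ?? [];
  const addedHosts = (after.host_permissions ?? []).filter(
    (h) => !oldHosts.some((granted) => covers(granted, h)),
  );
  return { addedApis, addedHosts, escalated: addedApis.length + addedHosts.length > 0 };
}

// Usage: run this over each update before shipping or approving it.
const report = permissionIncrease(MANIFEST_BEFORE, MANIFEST_AFTER);
if (report.escalated) {
  console.log("permission increase; the user must re-approve:", report);
} else {
  console.log("no new required permissions");
}
```

Running it on the sample manifests reports `webRequest` and `cookies` as new API permissions and `<all_urls>` as a host grant that `https://example.com/*` does not cover; running it the other way round (an update that narrows permissions) reports nothing, which is the behaviour a store or a reviewer wants before deciding whether a prompt is warranted.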


I trust gorhill and UBO infinitely more than any corporation, especially since it's all free and completely open source.



