It's interesting to see this surface again. As someone currently looking into building extensions, the permission granularity has always felt like a double-edged sword. Even with Manifest V3 limiting some capabilities, the 'read and change all your data on the websites you visit' permission is still necessary for many legitimate tools, but it requires so much trust from the user. I wonder if a more granular, per-domain permission model (like mobile apps) would be feasible for the Chrome team to implement without breaking UX.