Comment by ipnon
The builtin JavaScript interpreter is such a devious touch. No one blinks an eye at several MBs of extension data. That’s plenty of room to store arbitrary runtimes in, and then all the default browser runtime protections are pointless.
The runtime protections aren’t pointless. The interpreter makes it difficult to inspect the malicious code during execution, but it doesn’t circumvent any sandboxing of the browser.