Was wondering about that too - but this seems to be just a Spectre defense, not a change in what extensions can do.
The change[1] only affects content scripts because they run in the same process as the website. You're still able to fetch arbitrary origins in a background page. So GM has to move the fetch to the background page, then send the content to the script via message passing.
The change[1] only affects content scripts because they run in the same process as the website. You're still able to fetch arbitrary origins in a background page. So GM has to move the fetch to the background page, then send the content to the script via message passing.
[1] https://www.chromium.org/Home/chromium-security/extension-co... .