I'll probably get downvoted into oblivion here as I'll attempt to defend Google, but they have recently added a bug bounty program for extensions that violate user privacy:

https://security.googleblog.com/2019/08/expanding-bug-bounti...

I recently received a nice bounty for reporting a VPN extension, with nasty privacy violation, using this program. I understand that El Reg will get their clickbait here, but the situation isn't nearly as bad as described.