Fascinating vulnerability. It shows how browser integrations can create unexpected attack surfaces. I’d love to see more discussion around hardening these kinds of local browser modules.