> We built an automated scanning pipeline that runs Chrome inside a Docker container, routes all traffic through a man‑in‑the‑middle (MITM) proxy, and watches for outbound requests that correlate with the length of the URLs we feed it.

The biggest problem here is that "We" does not refer to Google itself, who are supposed to be policing their own Chrome Web Store. One of the most profitable corporations in world history is totally negligent.