These are great developments for users and browser makers alike. Grouping permissions by features (threats) rather functionality is good news!
Before, you would see that an extension doesn’t have “cookie API” access, but it might still get access to cookie data using content scripts (reading document.cookie) or web requests (looking at HTTP headers), and so on and so forth.
Great that their stance on obfuscation is changing. It seems to align with Mozilla’s policy. (Though I’ve only given it a cursory look)
It’s disappointing that there are still no extensions for mobile Chrome.
Then uBlock Origin would be there, that is undesirable, I would guess.
That’s why using Firefox on mobile is a no-brainer.
the anti-obfuscation rule is interesting. source diving is pretty much the last word in actual safety checks for the app and addon marketplace.