#Chrome has always been ahead in terms of security. E.g., t took a really long time for Firefox to implement a permissions model for extensions, and then to give the ability to disallow some extensions in Private Mode. And right now, it doesn't have “click to enable” on extensions.
I'm a minimalist, but even I use problematic extensions, like LanguageTool (alternative to Grammarly). And if you're security conscious, you can't allow such extensions to access your security-sensitive services.