The truly problematic part is that Mozilla did not immediately block the extension for executing arbitrary remote code that is controlled by the antivirus company.

Mozilla has recently blocked several translation extensions for loading remote code from Google Translate, Firefox users finding their workflows for accessing information being broken, with no good workaround, other than switching to Chrome.

https://www.ghacks.net/2019/11/05/mozilla-bans-all-extension...

https://www.jeremiahlee.com/posts/page-translator-is-dead/

https://blocked.cdn.mozilla.net/

Of note, he didn't report the Chrome extension because the Chrome maintainers don't consider it to be a problem.

Is it Chrome maintaners or the extension store maintainers?

"In particular, Google allows execution of remote code as long as there is no proof for it being used for malicious purposes."

Ah, so they're using the model Zuckerberg used for FB apps, "FB apps are not legally allowed to do anything illegal, as a developer click here to agree that you'll behave.". And among others, Cambridge Analytica exploited this bullshit lazy trust.

It's Google. I don't really know how it all breaks down from there.

Blocking add-ons, with no way for the user to circumvent that block, still seems extremely against the FOSS spirit to me. The point of FOSS is to not move control over to some 3rd party, even if it is for "your own good".

Is there really no way?

There is: use developer edition or unbranded builds.

Generally, cloud-based security products are disastrous for privacy.

And all other kinds of security.

Now, go try to explain that to people.