The Chrome team says they’re not going to pursue Web Integrity but…
it is piloting a new Android WebView Media Integrity API that’s “narrowly scoped, and only targets WebViews embedded in apps.”
They say its because the team “heard your feedback.” I’m sure that’s true, and I can wildly speculate that all the current anti-trust attention was a factor too.
But the add-on isn’t sandboxed like in chrome. Like i remember, depending on if you use an external MAC like apparmor or not, where if you’re runnimg in Linux and you’re using Firefox, websites could steal your ssh keys from ~/.ssh/
Malicious addons or websites could easily do the same thing, and steal your bitwarden credentials. Unless you have the premium version, you can’t put otp on it.