
The solution here though is simple: As the sole publishing source of extensions users can install on Chrome, Google just needs to stop distributing malware from their extension store!

But of course, that would require Google to actually take some responsibility and do some legwork, and neither of those things is in their core competency.

If Google actually had any goals of improving security, they'd literally just delete the Chrome Web Store and start over, manually reviewing and approving extensions one by one.




If Google did that, there'd be widespread cries of "gatekeeping!". Mozilla was blasted for doing exactly the same thing.


Here's the problem with that apologism: They already are gatekeeping. They made that call as soon as they removed sideloading extensions. The problem is Google is just a shoddy gatekeeper.


They manually review and approve Android apps one-by-one.

The results have not garnered much acclaim.

I suppose you could argue they simply haven't budgeted enough $$$$ to get skilled reviewers taking enough time on each review.


People reviewing the security of browser extensions should have the title of "engineer" at minimum.

Bear in mind browser extensions completely defeat all the benefits of HTTPS. If we aren't putting them through significant scrutiny there really is no reason for anyone at Google to claim to work on security at all. Extensions need to be treated as incredibly privileged code and vetted accordingly.



