I understand.

What if someone makes an extension to block this type of behaviour?

Requests could be blocked to certain urls, cors enforced, etc.

By having an external list, say being grabbed from github it could be updated much quicker than relying on google or registrars to take down extensions/domains