Edit:
I didn’t go through manual process but based on this (rather recent) Adblock guide [1] it’s not very hard.
Of course one could argue that “developer mode” is deterrent enough but - as for contrast - in order to get state mandated esignature to work I had to install some sketchy 3rd party system extensions on MacOS. On Windows it almost felt like malware (as some of the security settings had to be disabled in order for Java installers to run).
My point is - sure Chrome might have secure golden path but people are lured into skipping a lot for freebies/weird requirements and thus permission dialogue should be more informative.
[1]: https://helpcenter.getadblock.com/hc/en-us/articles/97385388...
Chrome is unfortunately limited here by the security of the OS. No popular desktop OSes have application isolation: all apps have the same permissions. Any app can write to any other apps' storage.
This means that if Chrome makes sideloading too difficult, developers will just tell users to run their native code which will hack into Chrome, making even understanding what extensions users have or uninstalling them impossible. Sideloading on desktop OSes has to be hard enough to discourage most users but easy enough that developers like adblock don't start looking for an even bigger hammer.
This is what I meant by delicate balance of incentives.
More info here: https://news.ycombinator.com/item?id=4954915
Thus, it should be easy to classify and make that specific dialog more visible - especially when side-loading.
I think it definitely is hard job to reach consensus on all the fronts.
It's true that as MacOS continues to discourage non-sandboxed software, Chrome can make sideloading more cumbersome to match.
