The main question is what behavior is being introduced. I haven't researched deeply, but apparently the add-on does nothing until the user opts-in on studies.
An appropriate response here would be to decide that you no longer trust their browser at all.
It's hard to quantify trust exactly. I'm fine with trusting the partly-closed-source Google Chrome build, including the proprietary Chromecast, Hangouts, etc., plugins, because I believe that the people writing them are generally reasonable. I don't have a good formal proof that they're generally reasonable people, and I never will - that's why it's trust. If they start installing marketing gimmicks, certainly they have the technical ability to do that, but I will lose my trust that they're reasonable people.
Here's an analogy: I trust a small number of my friends with keys to my apartment because I think they'll make reasonable use of that access. If they decide to show up at 3 AM with a keg and three tubas without telling (let alone asking) in advance, I technically have no grounds to complain that they abused their access - but I'll certainly not be calling them friends any more.
I would argue that since they knew you were giving them access on the assumption that they would not do things like that, you would have grounds to complain. Similarly, I installed Firefox on the understanding that it would not phone home with opt-out telemetry, advertise third party products, or syntergise with acquired properties. Mozilla has, in the past few months, done all three.
I like Firefox, though, so I'd rather kick the tubas out of Mozilla than go kick them off my individual installation. Does the public have any power over Mozilla's governance?
Hence, as you said, the only way is to trust Google here, without much ability to verify.