You think an attacker is right now thinking "Man, I know exactly how to make a lot of victims install an extension, but I can only steal their coinbase wallet and bank accounts, if only there was a way I could run calc.exe on their machine too..." who's going to pay more than $20k to upgrade from "steal all their money" to "steal all their money and run calc.exe"?
You're on Windows? Download a binary, create some WMI triggers and get executed at every boot as the same user (requires no elevation for same user, if Admin, you can get NT_AUTHORITY). If you find something to elevate to Administrator you could also patch the beginning of some rarely used syscall and then invoke it and get a thread to yourself in the kernel. These things tend to almost chain themselves sometimes. At least on Windows it feels that way.
Also the user doesn't have to navigate to a specific URL in the final form, just needs to open devtools after installing the extension.