
You make it sound like it's a third-party RCE; but it's a cookie bypass, so it's tracking -- that's serious still [and the implementation sounds illegal to me].

The companies Instart Manager (used by cnet, tomshardware, etc., see link) and Upmanager that are doing this workaround of ublock -- are they not able to attack other browsers, only Chromium? I guess one benefit of being the biggest advertising company is that people don't want to mess with Google's stuff in case they suffer financial repercussions.

https://github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO...




> workaround of ublock

This has nothing to do with ublock origin specifically, ublock origin's author just happens to have a band-aid for this exploit. Assuming I don't misunderstand what is happening, any other blocking plugin is vulnerable as well.

> people don't want to mess with Google's stuff

I don't understand what you're saying. Chromium is vulnerable and by extension, so is Chrome.

Edit:

> You make it sound like it's a third-party RCE

I don't think I am. I said third-party code looks like first-party code, that is precisely what is happening.


>third-party code

It's third-party cookies that look like first-party cookies, isn't it? Whilst they are "code", that's misleading because it's not being executed, which is what makes it sound like an RCE.

Or did my brief scan pick up the wrong idea?


> Or did my brief scan pick up the wrong idea?

I believe so. To quote: "The purpose of Instart Logic technology is to disguise 3rd-party requests as 1st-party requests"

The net result of this is also that third-party JavaScript will get loaded as if it is first-party. Third-party content will look like first-party content in its entirety. This subverts any potential security features that rely on being able to distinguish a first party from a third party.

Edit: As an example you can read https://www.w3.org/Security/wiki/Same_Origin_Policy
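
The point made in the comment above, as an added example that is not part of the original thread: a simplified party check of the kind a content blocker applies, run on a direct third-party load and on the same script served from the page's own hostname. All URLs, the filter shape, and the reduced suffix list are constructed assumptions, not Instart Logic's actual URL scheme or uBlock Origin's code.

```javascript
// Stand-in for the Public Suffix List (assumption: real blockers use the full list).
const PUBLIC_SUFFIXES = new Set(["com", "net", "org", "co.uk"]);

// Registrable domain (eTLD+1) of a hostname, e.g. www.example.com -> example.com.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return hostname.toLowerCase();
}

// Party check: compares the page's and the request's registrable domains.
function isThirdParty(pageUrl, requestUrl) {
  return registrableDomain(new URL(pageUrl).hostname) !==
         registrableDomain(new URL(requestUrl).hostname);
}

// Same-origin check (scheme + host + port), as the browser applies it.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Hypothetical filter: block requests to blockedDomain when loaded as third party.
function shouldBlock(pageUrl, requestUrl, blockedDomain) {
  const reqDomain = registrableDomain(new URL(requestUrl).hostname);
  return reqDomain === blockedDomain && isThirdParty(pageUrl, requestUrl);
}

// Constructed sample URLs.
const PAGE = "https://www.example.com/article";
const DIRECT = "https://ads.example.net/track.js";                // plain third-party load
const DISGUISED = "https://www.example.com/assets/7f3a/track.js"; // same script via page's host

function classify(requestUrl) {
  return {
    thirdParty: isThirdParty(PAGE, requestUrl),
    sameOrigin: sameOrigin(PAGE, requestUrl),
    blocked: shouldBlock(PAGE, requestUrl, "example.net"),
  };
}

console.log("direct   ", classify(DIRECT));
console.log("disguised", classify(DISGUISED));
```

Both checks only see the request URL, so the disguised load is classified as first-party and same-origin, and any cookies set by its response are scoped to the page's own host.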


Thanks for persisting in your explanation.



