I guess this comes down to extensions that inject code / modify the page.

Extensions can choose if their assets are public or private, and if they reference the asset from injected code - it needs to be public.

It sounds like a better solution might be to track the injected / modified code, and only allow it to read the assets. But I'll bet there is some tradeoff i've no clue about preventing that from happening.

Imagine an extension modifying a page and adding an image. How would it allow the image to load if that wasn’t possible?

I would have hoped for some shared secret approach where the extension can generate one-time use urls for their bundled resources on demand and use those instead of easily predictable urls.

It seems that extensions like ad blockers that are explicitly targeted by such detection methods have ways for work around that (see https://github.com/gorhill/uBlock/blob/master/src/web_access...). I honestly would have expected for that to be the enforced default behavior.

I was thinking if an image is injected, it'd be injected by a script loaded from the plugin thus trusted.

It’s a logical thought but that isn’t how it works.

A script doesn’t really inject an image, it injects an image tag which contains a reference to the image. As the image gets loaded there is no check who created the tag.