They have implemented a system that works on rulesets similar to those used in AdBlock Plus (with whom Google has a business relationship). Rather than allow extensions to examine web requests they have to provide matching rules for the content to be blocked, and the browser engine will block requests that match those rules.
The implementation breaks the model of the most effective blockers like uBlock Origin, which are able to inspect every request and block it based on a much more comprehensive set of factors. The claim they are making is that allowing extensions to inspect web traffic makes them vulnerable to abuse by bad actors who can, for example, offer an innocuous extension then later turn it effectively into a keylogger. There are numerous better solutions to this problem that don't require breaking blockers like uBO, but this choice seems to tick a large number of boxes for decisions that benefit Google and their partners at the expense of their users. And the "Enterprise users" part (which really seems to belie the stated reasoning) was only abounded after it became clear that there was a backlash against this terrible decision.
The implementation breaks the model of the most effective blockers like uBlock Origin, which are able to inspect every request and block it based on a much more comprehensive set of factors. The claim they are making is that allowing extensions to inspect web traffic makes them vulnerable to abuse by bad actors who can, for example, offer an innocuous extension then later turn it effectively into a keylogger. There are numerous better solutions to this problem that don't require breaking blockers like uBO, but this choice seems to tick a large number of boxes for decisions that benefit Google and their partners at the expense of their users. And the "Enterprise users" part (which really seems to belie the stated reasoning) was only abounded after it became clear that there was a backlash against this terrible decision.