Would it be a big security vulnerability if someone wrote a browser extension to retrieve personal information on Google’s behalf?


I am a 6th grader working in a project and came across the following question:
On most browsers, you can inject JavaScript code into the browser, for example by typing in javascript:alert(‘Injecting javascript code’). On Google Chrome, if you do this on Google Drive, instead of the title being “drive.google.com says”, the title is “Google Drive”. Would this be a security threat in any way if someone wrote a malicious extension to ask for personal information on Google’s behalf?