Comment 31 for bug 1967632

Not only that, the snap would need to parse these json files and allow Firefox&Chrome to start the binary defined in "path" with full access to the system as a regular user. The binary needs to be able to do what it wants. (It's somewhat like allowing Firefox to start pre-defined systemd services.)
If that doesn't happen, users might switch to a potentionally less secure alternative to native messaging, for example, running a local webserver accessible by every website and possibly without proper authentication which then executes commands.