I would argue that building in extension-like features inside the browser is worse. In both cases, that's extra code, with security implications, but in case of extensions, you can choose not to have it.
Now, that's a question of whether you trust those who write the browser more than those who write the extension.
And by the way, the argument you have is the same that justifies the much hated "manifestV3", which makes extensions less powerful for security reasons. But it also limits the blocking capabilities of browsers to a simple, less effective blacklist. That Firefox still supports the old "insecure" way is a big selling point over Chrome.
We obviously know Chrome team is not doing things for security reasons, they are doing things for ad revenue reasons. But it's also true that blocking ads requires an insane amount of trust: The uBlock Origin author can choose to read your bank account numbers and passwords. (Although he is high profile enough this would be caught quite quickly.)
Arguably the problem is that Manifest V3 proposed removing an ad blocking capability without replacement, whereas I would argue just as popup blocking was a couple decades ago, it belongs as a first class browser feature, not outsourcing extremely sensitive capabilities to random outside parties. Browsers should not be operated by (or funded by.........) ad networks, and should built high quality, secure tools to filter unwanted content from their users.