Perhaps the worst thing about this is that engineers at the browser makers are now incentivized to create Zero-days. $250k and rising for knowingly creating a backdoor? There's now a market for software engineer corruption. Maybe add in some middlemen...
Wouldn't it be fairly easy to get caught doing this? Especially if you did it multiple times, it seems obvious exploits in code you checked in would be traced back to the malicious engineer.