A meta-question: did you generate this intent email via chromestatus.com
? It wasn't picked up by the tooling for https://bit.ly/blinkintents
, which means there's a mismatch somewhere.
I think this is something that's safe to remove, given our vague understanding of usage in the wild. It is very unlikely to break sites (as the removal gets rid of a restriction, rather than dropping functionality; in the worst case, something will unexpectedly load when it would previously have been blocked), and CSP retains the ability to control `<embed>` and `<object>` tags by URL. Developers who care about the content loading into their sites are likely better served by that kind of control, now that the most dangerous content which could have loaded into those contexts has been removed entirely. Likewise, Firefox never shipped this directive, which means that sites couldn't consistently rely upon it to prevent execution of any specific plugin type. Again, in the worst case, Chromium simply shifts to match Firefox's existing behavior, allowing more content to load than expected.
I also looked at the HTTP Archive data a little more closely. Of the 2,093 pages in the 2020-12-01 run you pointed to:
* 762 set `plugin-types` that contains `application/pdf`.
* 49 set `application/x-shockwave-flash`, which has little effect today.
IMO, the potential effect of this change is small, and the potential breakage is negligable. LGTM1 to remove directly.