Unlike to Firefox add-ons distributed through the Mozilla’s official gallery, Google Chrome extensions available on Chrome Web Store are not reviewed by Chrome team for possible malicious activities. We have already seen few examples in past where extension developers were involved in tracking users’ browsing activities or injecting ad codes.
Chrome team has addressed this issue and introduced many features to ensure the security and privacy of the users. For examples, extensions using some critical APIs, like WebRequest API, are now reviewed before releasing publicly. Chrome has also imposed Content-Security-Policy on all extensions and apps. Moreover, installing add-ons from third-party sources has been blocked.
Another important security feature coming soon to the Google Chrome is the ability to monitor extensions’ activities. This feature is currently under testing, and not enabled by default yet. Users on the Dev channel of Chrome can turn-on it by enabling the flag “Enable extension activity UI” from the chrome://flags/ page. After enabling this flag and restarting the browser, users can see the activity log of extensions from the Extensions page (chrome://extensions) of the Chrome, as shown in the screenshots below:
This feature helps Chrome users to keep an eye on the extensions by monitoring their activities. Users can easily identify malicious activities and uninstall such extensions.
Read more on Chrome.