8
3
I wanted to install this extension, but I have security concerns.
The extension needs permission to "Access your data on all websites". This makes sense, but I presume this includes password and credit card fields, bank routing numbers etc.
This page says that certain permissions require a warning shown to the user, but certain permissions don't trigger warnings. Among the permissions that don't trigger warnings is 'webRequest'.
How can I be sure that this extension (or any) isn't reading my sensitive data and writing it back to a db via an invisible web request?
It would be nice if Chrome extensions had more fine-grained security controls, like Greasemonkey scripts do these days. For example "cannot upload data" and "cannot store data locally" could be reassuring constraints. – joeytwiddle – 2015-11-30T15:17:11.240