As long as these users are fully separate users within Windows, rather than simply being separate profiles within Chrome, and also as long as neither user has administrator rights then their extensions and data should be completely separate and one user will not be able to access the data of the other user.
Chrome gets installed into the Program Files
directory. This directory is not world writable and users must store their personal data in their own C:\Users\myProfile
directory. When Chrome is run with Alice logged in it will create a profile somewhere under C:\Users\Alice\appdata
and when Bob runs Chrome then a new profile will be crated under C:\Users\Bob\appdata
.
These Chrome profiles will store extensions for that user, their bookmarks and caches. It is Windows itself and the filesystem permissions that determine if one user can access the data of another user. By default a non-administrator user will not be able to access the data of any other user.
If any of those extensions required administrator access to install then it is entirely possible for them to have changed filesystem permissions or installed an administrative helper service or even outright copy the user profile of another user. Note that after this initial install the extension would loose the ability to change permissions or see the other user profile except in the case where it installed an admin helper service.
Outside of Alice explicitly giving access to Bob, or Bob managing to get the administrator to allow allow the installation of an add on that requires installation outside of the Chrome user profile then Bob should not be able to access Alice's data.
If either Bob or Alice is an administrator then they will both have nearly free access to the other users data.
Of course there are alternative scenarios where Bob compromises the machine and manages to install a rootkit using know system vulnerabilities, but that's a story for another day...
I missed the part in your question where you mentioned that these are profiles within Chrome rather than Windows and I would have to say that it is entirely possible for extensions within one Chrome profile to access data within the other profile as there is no filesystem protection in place and Chrome will not enforce any protections to prevent you accessing files between profiles as that is the job of separate users within the operating system.
As an example I have previously used Firefox and uninstalled it, I was then able to launch a portable copy of Firefox in which I installed an sqlite browser (FF stores data in sqlite databases) and browse to my old profile and see my history, the same would almost certainly be possible in Chrome.
If you really want multiple users then you should use the operating system features rather than program features to enforce security. If Bob and Alice both share the same Windows user profile then one could simply browse the data of the other user outside of Chrome and not need the extensions at all.