There's a lot more we have planned though. Personally, I would like to eventually get to a world where many extensions - in particular the ones that novice users usually see - require no warnings at all. I think that can be done by putting access to most elevated privileges behind explicit user gestures (like clicking a button or invoking a keyboard shortcut).
In general, balancing utility and security in a browser extension system turns out to be a very, um, interesting design problem. But I think we have some good, new ideas coming. Now, just need to implement them.
Thanks for commenting on this. Glad to hear you are tackling what is definitely a hard problem without turning it into a completely walled garden.
Do you discuss this problem space with the Android Market/Play team? It seems to have not only a lot of overlap in terms of problem domain, but likely a lot of overlap in terms of actual users.
For example, the new permissions API can be used to request permissions at runtime, rather that install time:
http://code.google.com/chrome/extensions/permissions.html
And the new webRequest API can be used by many extensions in lieu of content scripts:
http://code.google.com/chrome/extensions/webRequest.html
There's a lot more we have planned though. Personally, I would like to eventually get to a world where many extensions - in particular the ones that novice users usually see - require no warnings at all. I think that can be done by putting access to most elevated privileges behind explicit user gestures (like clicking a button or invoking a keyboard shortcut).
In general, balancing utility and security in a browser extension system turns out to be a very, um, interesting design problem. But I think we have some good, new ideas coming. Now, just need to implement them.