Because they're so hard to monetize, browser extensions have become major targets of exploitation by dodgy marketing firms, who pay developers to insert hidden code that collects data, injects ads, or even use the user's computing resources without authorization. Quite often, these firms would buy out the extensions and completely subvert it for their nefarious purpose.
In order for an extension to inject code on arbitrary websites, it must request this specific permission: "Read and change all your data on the websites you visit". Many extensions request this permission out of convenience, when it is not necessary for their operation.
The Extension Auditor addon will list all the extensions you currently have installed that had requested this permission, giving you a quick overview of your risk profile. It also links to discussion forums where knowledge can be shared about other risk factors such as developer reputation and ownership changes.
Occasionally, an extension will "go rogue". It is our hope that through the discussion forum, we can identify these instances and warn the users through the Auditor extension.
This extension is open-source. To contribute please visit https://github.com/ken107/extension-auditor.