> Rather than only doing it via technical means like permissions, I'd be more comfortable with auto-updating but with some kind of human quality assurance.
I agree on this.
The best solution for now would be a meta-extension that checks if you have compromised extensions installed and disable them.
The blacklist could be compiled based on the Store feedbacks (ratings dropping sharply? disabled.), a reporting system from the app, and also using automatic testing. For example run the extension on a sandboxed machine and check for requests to known shady domains.
I agree on this.
The best solution for now would be a meta-extension that checks if you have compromised extensions installed and disable them.
The blacklist could be compiled based on the Store feedbacks (ratings dropping sharply? disabled.), a reporting system from the app, and also using automatic testing. For example run the extension on a sandboxed machine and check for requests to known shady domains.