[Groxx]

You seem to be implying that the browser that first made window, tab, and plugin sandboxing into a big deal won't sandbox such systems from normal operation.

ie, it's likely to be exactly as vulnerable as your computer. If you open a vulnerability in your extension and someone exploits it, it's the same as a flawed program that allows input being attacked. If they eval JS from arbitrary sites, that has nothing to do with the security of the system, only the security of what you installed.

[ezalor]

Obvious difference: I expect not to get my HDD corrupted because I visited an arbitrary website, I understand it might be the case if I download AND run an arbitrary program.

[Groxx]

If I'm reading the article correctly (and it's a bit vague), these are part of the experimental extensions API. They're accessible only to arbitrary programs you've downloaded and run, and they inform you that they use api X.

To make matters harder, experimental API extensions aren't allowed in the chrome extension gallery - you'll have to go looking for unapproved, file-system-accessing extensions to expose yourself in the slightest to that danger.