by avnfish 2223 days ago
That's terrifying. Is there any auditing done by Mozilla to get an extension published? Or is it a free for all?
4 comments

To their credit, Mozilla does have an approval process, but it's pretty opaque what actually happens during that process. They also have a "Recommended Extensions" program which does more thorough vetting, apparently. Chrome is more of a free-for-all.
> Chrome is more of a free-for-all

Chrome is very strict, as of the last several months, about what they allow. There's even a sticky in the support group for people whose extensions have been stuck in review for more than 3 weeks:

https://groups.google.com/a/chromium.org/forum/?utm_medium=e...

This is the flip side to Google and Firefox both making their extensions much more locked down by removing some APIs entirely and requiring signing and approval. There are reasons to be upset that such practices hurt useful existing extensions that people like, but there's also reason to be relieved they are doing so.
The old extension system, while more powerful, was pretty flaky anyway. Every browser update had a good chance of breaking extensions. At least now there is a clear API that can be kept stable over updates.
Firefox addons are reviewed, though as others note the process is a bit opaque. Interestingly, sometimes a release is approved, but then later someone comes back with issues. This is somewhat concerning as both a user and a dev. For users, it means there may be rogue extensions out there that haven't been closely reviewed yet. And for devs, it's frustrating to have a release approved and then months later to get audited.

Chrome is getting more granular in their approval process, but it seems that they're still a bit behind.

There's a dead comment that seems pretty revealing in terms of the review process:

    SmallPeePeeMan 13 hours ago [dead]

    I'm an extension reviewer at adding.mozilla.org. Extensions that request certain permissions are manually reviewed. Others are automatically approved. Recommended extensions are ALWAYS manually reviewed for each update.
I'm curious what the _manual review_ process looks like. There are so many questions that come to mind: Is it a single person or multiple individuals reviewing the extension? Does it require the reviewer to be familiar with the code base of the extension? Wouldn't that be a significant burden, or are these reviews cursory? Do the reviews take 10 minutes? 30 minutes? days? Is the review documented? Can the review be public? Do they review the source code on github/gitlab/etc or are they reviewing the submitted file(s)?