[kierenj]

Are there any security implications to enabling developer mode?

[jayass]

Well, yes and no. By enabling the developer mode you can install any extension that was not verified by the google web store policy.

As long you are careful with the extension you install manually you should be fine.

[ThunderSizzle]

Is there necessarily any more danger than installing a random exe from the internet on a typical Windows admin account with UAC turned off?

e.g. from https://windirstat.net/download.html

[paulhodge]

For just flipping the switch, no I don't think there's any implication.

For installing an unpacked extension:

- Obviously you don't have the benefit of the Chrome store checking for abuse.

- You'll need to read the manifest.json file yourself to see what permissions you're granting, because the warning popup doesn't show up when installing this way.

- There's a few attacks that unpacked extensions can do because they can spoof their extension ID, and Chrome doesn't consider it a bug. See: https://bugs.chromium.org/p/chromium/issues/detail?id=130196...

[djbusby]

Well, you'd have to really trust the code you're loading.

[somehnacct3757]

You will bypass the permission auth dialog, which is your last official chance to see what the code you're about to execute has access to.

The extension developer could add a malicious permission + new code to exploit it and it would look the same as using developer mode to add a Hello World extension