[chidg]

I work for a company whose primary product is an extension. From my experience it's quite random; sometimes an update will pass 'review' a few hours after submission (never a few minutes, but it's clearly not being reviewed in any depth) and other times it will be held up for a few days, a week, or up to 15 days recently. It seems to be a lottery, where your chances of a manual review are increased by requiring certain permissions and other factors the chrome gods decide are risky. In our case they have rejected updates several times for spurious reasons, like claiming we do not use the notifications permission although we asked for it - even though use of the `.notifications` method on the chrome javascript api was visible in our code.

I think GPs point stands - whether or not they actually review every update, they make the claim that extensions are reviewed, and they're reviewed often enough that they should be able to catch genuinely dangerous extensions.