by masnick 5271 days ago
Call me paranoid, but I'm always a bit leery about installing extensions that have access to "your data on mail.google.com". A malicious extension could easily scrape data and send it to a remote server.

Does Google do any sort of QA for extensions to prevent this?

In any case, it would be great to be able to review the code for this. Looks super useful for those of us with small screens.

3 comments

They do not. Extensions are required to list out the permissions they need in the manifest file. Go to the options page for managing extensions and enable Developer Mode. Then expand the one you want to check out and get its ID. I believe the following paths are correct though I can only confirm the one for Windows 7. The extension will be a folder with the ID as the name. You can see exactly what it's doing, and even make modifications that will be reflected in the installed extension. Note: any modifications you make will be reverted if there is an update.

Windows XP C:\Documents and Settings\USERNAME\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions

Windows Vista C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Extensions

Windows 7 C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Extensions

Mac OS X /Users/username/Library/Application Support/Google/Chrome/Default/Extensions
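
The manual check described in the comment above, as an added example that is not part of the original thread: it reads each installed extension's manifest and reports which ones declare access to a given host. The `<ID>/<version>/manifest.json` layout, the `host_permissions` and `content_scripts` keys, the function names and the sample extension IDs are assumptions or constructed values, not taken from the thread.

```python
import json
import tempfile
from pathlib import Path

def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # API permission such as "tabs", not a host pattern
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the domain and its subdomains
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return host == pat_host

def audit_extensions(root, host="mail.google.com"):
    """Map extension ID -> sorted manifest patterns that cover `host`."""
    findings = {}
    # Assumed layout: <Extensions>/<ID>/<version>/manifest.json
    for manifest in Path(root).glob("*/*/manifest.json"):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(data, dict):
            continue
        declared = list(data.get("permissions", [])) + list(data.get("host_permissions", []))
        for script in data.get("content_scripts", []):
            declared += script.get("matches", [])
        hits = sorted({p for p in declared if isinstance(p, str) and pattern_covers(p, host)})
        if hits:
            findings[manifest.parent.parent.name] = hits
    return findings

def demo():
    """Audit two constructed extensions written to a temporary directory."""
    samples = {  # constructed IDs and manifests, not real extensions
        "aaaaconstructedid": {"name": "Gmail tweak", "permissions": ["tabs", "https://mail.google.com/*"]},
        "bbbbconstructedid": {"name": "Clock", "permissions": ["storage"],
                              "content_scripts": [{"matches": ["https://example.com/*"], "js": ["c.js"]}]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            folder = Path(root, ext_id, "1.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_extensions(root)

if __name__ == "__main__":
    print(demo())
```

To run it against a real profile, pass one of the Extensions paths listed above to `audit_extensions`. A match only shows that the extension may touch the host; what it does with that access still has to be read from the scripts in the same folder.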

I use a Stylish style ('more minimalist') that removes everything but the inbox list and the search box. I'm not sure but I think this is safer than an extension. For my personal taste it's finally made Gmail pleasant to use.
AFAIK Google doesn't check extensions, similar to how the Android Market is run.