[GrinningFool]

I would argue that if you installed any extension that requested full access to your data without understanding the implications, you're not as careful a browser as you believe you are.

This isn't to say what the developer did is in any way ok ( I don't think it is), nor is it my intent to insult you. Rather - it's to highlight a deeper problem with this kind of click-through security model that chrome web store, play store, et al are fostering.

If somebody who has a reasonable understanding of computers and works with them for a living still clicks though this kind of agreement, what hope has the other 99% of the connected-device-using population?

[chrislomax]

I guess you're right in a respect. I think I trusted this to be right though, I never imagined that you could change something so dramatically to the point where it isn't even the same product any more.

With Chrome having such a good level of sandbox and Google being proud of that I didn't think it would be so easy for someone to release an extension that basically acted as malware.

I do in general have really good browsing habits, I just need to re-evaluate who I trust.