So once they are ready to add malicious code in the future to pass that information somewhere else, no permission changes will be required.
Before downloading any extensions, I usually inspect them quickly with https://chrome.google.com/webstore/detail/chrome-extension-s...
Most important parts are "manifest.json" and then if defined then content scripts that match catch all urls and "https://*/*" / "http://*/*.
So once they are ready to add malicious code in the future to pass that information somewhere else, no permission changes will be required.
Before downloading any extensions, I usually inspect them quickly with https://chrome.google.com/webstore/detail/chrome-extension-s...
Most important parts are "manifest.json" and then if defined then content scripts that match catch all urls and "https://*/*" / "http://*/*.