Adrienne wrote a blog post about some of her recent work analyzing Google Chrome extensions for security related bugs. It’s a nice read and illuminates mistakes made by a surprisingly large number of extension developers (27 / 100 extensions leak private information!).
Although I don’t use Chrome on a regular basis, I had believed that simple APIs and (presumably) more thought that went into security related design would have made it more difficult for developers to write vulnerable extensions.
It’s not just extensions that are problematic either, in a recent screenshot of a Blackhole Exploit Pack’s control panel, the exploits it served were far more successful against Google Chrome (in % of visitors) than all versions of FF and IE combined.