Issue 621426

Starred by 3 users

Issue metadata

Status: Archived
Owner: ----
Closed: Jul 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug


Extension update UX is confusing and encourages insecure engineering practices

Reported by k...@luminance.org, Jun 20 2016

Issue description

Chrome Version       : Version 51.0.2704.103 m
URLs (if applicable) : N/A
Other browsers tested: N/A

What steps will reproduce the problem?
(1) Deploy an update to an existing extension that requests a new permission
(2) Open a Chrome install that has the extension installed
(3) Wait for an extension update or manually trigger one

What happens?
The extension is silently updated, then disabled because of the new permission request. The extension's toolbar icon disappears and the user is left confused until they click the (now yellow) hamburger menu and see the request for new permissions.


The way Chrome handles extension updates that request new permissions is extremely confusing for users and encourages insecure practices on the part of extension developers.

The current approach to these updates confuses end-users by removing the extension UI they're used to and tucking the only informative piece of UI away inside the hamburger menu with an extremely subtle indication that the user should open the menu. In some cases, the hamburger menu will not be visible - for example when running Chrome in 'app mode' or in fullscreen - so then the extension simply vanishes without a trace and there is no visible indication as to why.

If the extension update requests a permission the user is not willing to grant, they have no way to roll back to the old version or reject that specific permission.

The extremely intrusive, confusing nature of this upgrade process means that users get confused and some of them will likely opt not to update, causing users to churn out every time a developer releases an update that requests a new permission.

As an extension developer, this creates an incentive for me to request every permission I could possibly need when I first create my extension. I know from experience (and the majority of extensions currently on the Chrome Web Store) that users will happily grant dangerous permissions on first install, and I now know from experience that adding permission grants later creates user confusion and leads to confused messages and support requests. This is very undesirable, because filling the store with extensions that ask for too many permissions increases the risk of an extension getting sold to a malicious third party who will then abuse the extra permission grants to do things the user doesn't want.

There are many ways this could be improved. One obvious and hopefully simple choice would be to defer the actual extension update until the user has approved it. That seems like a good place to start, and it's how most other extension systems and mobile app marketplaces work.
 
Screenshot 2016-06-19 19.04.58.png

Comment 1 by k...@luminance.org, Jun 20 2016

Another user complaint just came in; they checked chrome://extensions/ and didn't see any UI indicating that my extension required new permissions, so as far as they were concerned the extension was just inexplicably turning itself off. They restarted the browser a few times before finally seeing the permissions prompt and getting the option to interact with it. Until this point they couldn't use the extension and they were confused.

Labels: Te-NeedsFurtherTriage
Components: Platform>Extensions
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 3 2017

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by k...@luminance.org, Jul 3 2017

:|
