I like this, supposing that it lets extensions request permissions at the point when the user tries to do something requiring the permission, rather than at install time. At install time, the user has no idea why the extension needs a permission, and for the user's use-case it might not even need it. The extension has to ask for maximum permissions from the beginning.<p>This should make it easier for the user to gauge privacy lost vs. feature gained, rather than having to make essentially a brand trust decision from the start.