Short answer: As long as you install a Chrome extension from the Chrome Web Store and do not explicitly install a separate standalone binary, then the extension is, by default, trapped within the browser profile and cannot access or modify other Chrome users. To say that there are "no filesystem protection in place" is inaccurate, as Chrome has never supported XUL-type extensions.
I'll address the two ways the other answer mentions as routes an extension can leverage to escape the confinement of a browser profile and access other parts of the filesystem, plus an extra. The first is through the nativeMessaging WebExtension permission, the second through triggering a file dialog, and the third is through the isAllowedFileSchemeAccess API. None are automatic (background or otherwise) and all require the user to explicitly agree to such access.
1) A WebExtension using the nativeMessaging permission cannot pull in the privileged native application on its own. Until the user explicitly decides to install the native application, the WebExtension is trapped within the browser profile it was installed in.
From the other answer, "[i]f any ... extensio[n] require[s] administrator access to install" then said software comprises more than just a pure Chrome extension, e.g., the extension taps into a standalone nativeMessaging client installed outside of Chrome, and by installing the external client (outside of Chrome) one might as well have installed a system-wide standalone keylogger binary that affects much more than just the browser. Game over, but the user's fault, since s/he has overridden the security provided by the browser.
2) From the other answer: "I was ... able to launch a portable copy of Firefox in which I installed an sqlite browser ... and browse to my old profile and see my history." File dialogs require explicit user interaction, hence this is not a security bug. If the user explicitly loads files into the browser profile for the extension to manipulate, then the user has expressed his/her agreement to having their data shared with the extension. Otherwise, the extension can do nothing but hope for the user to select a file in the Open File dialog, which the user (recalling the profile is meant to trap potentially untrustworthy extensions) can simply close.
3) The isAllowedFileSchemeAccess API on Chrome allows read-only access to the filesystem via the file:// protocol. However, "a user must explicitly permit this behavior for a given extension through the Chrome preferences pane in chrome://extensions" and as of early 2017 only 55 extensions on the CWS ask for it. (Source: Mozilla Wiki) Not only is the likelihood of encountering an extension abusing this privilege to snoop into the filesystem highly unlikely, but the privilege also requires that the user manually grants it to a browser extension.
Using separate browser profiles to isolate potentially dangerous extensions is more than good enough, as separate OS-level user accounts are overkill, unless one is defending against zero-day browser exploits that completely trash Chrome's WebExtension API permission model, in which case VM-level protections are in order. If we're playing with software that leverages exploits, then OS-level user accounts provide insufficient protection as we are now toying with malware.
Chrome Apps are an entirely different kettle of fish since they enjoy more permissions than standard Chrome extensions, but they are a deprecated technology and, more importantly, outside the scope of the OP's question since it asks about Chrome extensions. Thus, Chrome Apps are not covered in this answer.
In conclusion, a Chrome extension cannot jump across browser profiles unless 1) the user has manually installed a standalone executable external to Chrome, in which case all bets are off; 2) the user selects a file in a file open dialog generated by an extension, in which case the user has explicitly granted the extension permission for arbitrary file access; or 3) the user manually ticks a box in chrome://extensions that extensions cannot themselves modify.
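To check which extensions in a profile declare the two manifest-level routes discussed in the answer above, the following added example (not code from any answer on this page or from Chrome) walks a profile's Extensions directory and flags manifests that declare nativeMessaging or a file-scheme match pattern. The function names, the finding labels and the sample profile are assumptions constructed for illustration; a flagged extension still needs the separately installed native host or the user's "allow file URLs" setting before either route works.

```python
import json
import tempfile
from pathlib import Path

KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")

def declared(manifest):
    """Every permission string and match pattern a manifest declares."""
    found = {p for k in KEYS for p in manifest.get(k, []) if isinstance(p, str)}
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found

def audit_profile(profile_dir):
    """Return {extension_id: [findings]} for one Chrome profile directory."""
    report = {}
    # Layout: <profile>/Extensions/<extension id>/<version>/manifest.json
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        findings = report.setdefault(path.parts[-3], set())
        try:
            perms = declared(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError, TypeError):
            findings.add("manifest unreadable")
            continue
        if "nativeMessaging" in perms:
            findings.add("nativeMessaging")
        # "<all_urls>" covers file:// too; "*://*/*" does not.
        if any(p == "<all_urls>" or p.startswith("file:") for p in perms):
            findings.add("file-scheme pattern")
    return {ext: sorted(f) for ext, f in report.items() if f}

def build_sample_profile(root):
    """Constructed sample data: three made-up extensions in a fake profile."""
    samples = {
        "a" * 32: {"manifest_version": 3, "permissions": ["storage", "tabs"]},
        "b" * 32: {"manifest_version": 3, "permissions": ["nativeMessaging"]},
        "c" * 32: {"manifest_version": 2, "permissions": ["file:///*"],
                   "content_scripts": [{"matches": ["<all_urls>"]}]},
    }
    for ext_id, manifest in samples.items():
        target = Path(root) / "Profile 1" / "Extensions" / ext_id / "1.0_0"
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest))
    return Path(root) / "Profile 1"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext, findings in audit_profile(build_sample_profile(tmp)).items():
            print(ext, findings)
```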
After some excessive research, I came across this article that I believe is what you are looking for.
Here is the essential information from the link:
In this post I’ll show you how you can move your entire Google Chrome
data, including History, Bookmarks, passwords, Saved Cookies etc., from
one Google Account to another, and that too offline; you can sync it
online anytime after that. Hello everyone, got a new mail ID, right?
Now want to get your Google Chrome Data, Settings, and Bookmarks from
your old account to your new account? It’s easy to get everything back
on the new account and there are several ways to move bookmarks, but
you really need this post if you want to move History, Bookmarks, Saved
passwords, Settings in your Google Chrome and all.
Well, let’s get ahead, saying you now have two mail IDs,
oldid@gmail.com and newid@gmail.com. You are currently signed in to
Google Chrome as oldid@gmail.com and want to move the entire data to
newid@gmail.com. So what you need to do is sign in to Google Chrome
using your new ID. Yeah, it's newid@gmail.com. For this, open
Chrome://Settings. In the Users section, click on Add new user.. Choose
the icon and sign in to the new user account in your Google Chrome.
Let's name this newuser, so you have two users in your Chrome, say
olduser and newuser. You have the entire data in your olduser and want
to move it to newuser. Just tap Windows key+R to open Run. In Run, type
appdata. Now open \Local\Google\Chrome\User Data\. Let me tell you, now
in this User Data folder you can see two folders named Default and
profile1. The Default folder contains the entire data of Profile0, that
is olduser, and profile1 contains the entire data of newuser. You can
open Default and see the list of files named Application data,
Extensions, Jump list, Google profile icon, History, Last session, Open
tab, and so many olduser account related data.
Now all you have to do is copy or move all this data (in case you want
to transfer the entire data), or else selected data like history and
session etc., from \default\ to \profile1\. Now open Google Chrome’s
new profile. See, the entire data is present in your new Chrome user.
How to transfer Google Chrome data from one account to another account
online: What we have done is moved data from the older account to the
new account on the local computer. It’s still not available in the
online account. To do this, just let Google Chrome sync the data once
it gets online and your entire data will be saved to your new Google
Chrome account with the newid@gmail.com username. It’s really helpful
to those who are migrating from one Gmail account to another.
Bottom line: This is a really very helpful and easy method to do so;
you can go to a similar location in your older version like Windows XP
and all.
Best Answer
Many thanks to everyone who posted answers to this question. Thanks to their insights, I was able to open the Login Data file from the old profile in ChromePass and retrieve my saved sites and passwords.
Now if only it were that simple in Chrome! All I had to provide ChromePass was my old Windows user password to decrypt all 208 passwords stored in the file. Seeing as how the process is that simple, I don't understand why Chrome doesn't have an option to do this built in. Actually yes I do: because they'd rather have everyone store their passwords on Chrome servers. God only knows what they might do with that information!