> Aren't extensions written in JavaScript? That alone sounds like it'd make it pretty easy to examine and remove any "unwanted functionality" from one
How? One of the biggest offenders are extensions whose expected behavior is to send large amounts of data to a remote server to be used on your behalf, but where they actually then use the information for other purposes, sell it to others, etc.
Examining the client side JS will never tell you what the back end is doing with the data, only what data is transferred, and so won't identify this kind of nefarious behavior at all.
How? One of the biggest offenders are extensions whose expected behavior is to send large amounts of data to a remote server to be used on your behalf, but where they actually then use the information for other purposes, sell it to others, etc.
Examining the client side JS will never tell you what the back end is doing with the data, only what data is transferred, and so won't identify this kind of nefarious behavior at all.