ChrisIn this excellent article you can find the repository that contains probably the most malicious chrome extension ever created.
It’s spy-extension, and if you’re interested in the capabilities, security, permissions and various APIs, that seems like a fun place to start.