You might be advertising the fact that you have installed hacking tools, that you have a facebook membership, that you surf using TOR to hide your identity, or even that you have installed an extension with security flaws. If you are using a public computer and wish to see which extensions are running behind the scenes, this is one way to do it.
The script tries to load images associated with the extension from a chrome://… type resource. Most of the extensions I’ve tried are detectable. Some use no images at all and so this method won’t work.
There is a certain amount of path guessing involved, but most of them can be found at chrome://[extensionName]/skin/logo.png or chrome://[extensionName/skin/[extensionName].png
There are certain cases, like with greasemonkey on Mac, in which I can’t detect the extension. I suspect it is just me who can’t find it rather than any prevention in place. Also, different versions of the same extension keep their images in different places, so your version may not trigger a hit on my list.
Let me know if there are any false results.