In order to test when extensions are disabled by Chrome I created a private extension in the Chrome Web Store.

I started with a simple definition for manifest.json and then I added fields and settings one by one. For each test, I:

1. uploaded a new version to the store
2. waited for Google to publish the extension (this took a lot of time!)
3. forced the extension update on a testers' account
4. writed down the results

After 13 tests, this is what I've found:

Changes in manifest that DISABLE the extension

• Adding an entry at "content_scripts" > "matches" [Warning: "Read and change your data on example.com"]
• Adding "externally_connectable" > {"ids", "matches"} [Warning: "Communicate with cooperating websites"]

Changes in manifest that did NOT disabled the extension (no warnings)

• Adding "declarativeContent" permission
• Adding "optional_permissions" > all hosts
• Adding an entry at "externally_connectable" > "ids" (after externally_connectable was accepted)
• Adding an entry at "externally_connectable" > "matches" (after externally_connectable was accepted)
• Adding an entry of a host without permissions at "externally_connectable" > "matches" (after externally_connectable was accepted)
• Adding "incognito": "split"
• Adding "content_security_policy" > script-src URL
• Adding "web_accessible_resources"

Plus, permissions listed at permission_warnings#nowarning docs.

I probably did some silly tests like "web_accessible_resources", but I prefer that than having Chrome disabling my extension again.

Special test

Since I'm moving to optional_permissions, all hosts listed in permissions are removed. So, I wanted to know what would happen with the disabled extension when a new update does not have the problematic permission anymore:

Update 1: a new host is added at "content_scripts" > "matches" => Extension disabled

Update 2: the problematic host is removed from "content_scripts" => Extension ENABLED again

To conclude, if you made a mistake you can release a new version rolling back the changes that caused the extension to be disabled.

If I move the site's list from permissions to optional_permissions does the user need to approve those sites again? or just the ones that I add over time.

The answer is straightforward, no. Chrome stores all permissions given to the extension over time. So, only the new hosts on optional_permissions need to be approved.

1. If I move the site's list from permissions to optional_permissions does the user need to approve those sites again? or just the ones that I add over time.

New users: yes, they will need to approve it.

Existing installs that get updated: most likely no.

Consider: even if you completely remove a permission, and then put it back again, it is still considered granted.

The general documentation quote is: "Chrome prompts the user if adding the permissions results in different warning messages than the user has already seen and accepted."

2. Could any of these changes cause the extension to be disabled?:

   a. I add sites in the matches section of an entry in content_scripts

   b. I add sites in the matches section of an entry in externally_connectable

a. Adding matches to content_scripts is equivalent to giving full host permissions and will cause your extension to be disabled if it's a new host. If you already had host permissions for that host, it will not be disabled.

b. I don't know. In theory, this does not grant your extension any new permissions, so it shouldn't.

3. Is there a way to define externally_connectable in optional_permissions?

As per docs, no. It's not a permission to begin with.