From the "you gotta start somewhere" files:

Sure Google's Chrome browser is fast. But since day one it has lacked add-ons/extensions that provide additional functionality.

Today Google Chrome still doesn't have extensions, but Google developers now have a "design doc" that is an initial attempt at a roadmap. In my opinion, the roadmap looks like it's an effort to do an add-ons/extensions approach that is as good (if not better) than the one that Mozilla Firefox uses today.

Firefox 3.x has made great strides in improving how add-ons are consumed, and Mozilla continues to expand that effort. With Chrome, the Google developers are trying to start with a secure mechanism for obtaining and updating extensions from day one. This is a big deal and one that no doubt is the result of Firefox's experiences.

It looks like SSL, signed extensions and a central repository for auto-updates and validation are all part of the plan.
According to the roadmap:

We will provide a service designed to reduce burden to developers by reducing traffic costs and providing a robust, secure mechanism for autoupdates that they can easily leverage rather than having to handle the logistics on their own site.  It would also provide authors with a way to easily create and verify their extension packages and manifests. However, developers will always have the option to package, sign, and host extensions on their own site. The central service will maintain a blacklist of known malicious or harmful extensions.  This blacklist will be used by the browser to disable these extensions.

All sounds good to me. What would be even better though is a cross-browser standard API set for add-ons/extensions such that a developer could build once and then deploy to all browsers that support the standard. I know, someone spiked my coffee this morning - but hey the time/effort/trouble of building extensions for yet another browser is likely something that few (external to google) look forward too.