How Chrome Could Reduce The Extension Privacy Concerns

Whenever a user installs a Chrome extension, a warning message is shown about the permissions required by that extension, exactly similar to the app installation prompt on the Android. This is very helpful for the users, as it warns them about the possible privacy concerns.



Whenever I discover a useful extension, but see warning messages like “It can read and change all your data on the websites you visit” or “It can read and change your browsing history”, I have no choice but to skip that extension. I simply can’t take the risk of installing any spyware or adware in the name of browser extension. We all have already seen many examples (1, 2) in past, where a popular extension was involved in unethical and malicious activities.

Google Can Reduce The Fear

Interestingly, Google doesn’t allow extensions on Chrome Web Store in order to enhance the security. No extension can inject JavaScript or CSS on the Chrome Web Store pages. I wish Google extends this restriction for other websites. Users could “whitelist” desired domain names, so that no extension is allowed to inject JS or CSS on the web pages hosted on these domains. Users would be able to block extensions on important websites, like sites of banks and other financial institutions.

If you like this idea, please star this issue on Chrome bug tracker (you need to login first).

1 thought on “How Chrome Could Reduce The Extension Privacy Concerns”

Leave a Comment