From stricter disclosures to an entirely new platform, Google has been continuously working to make extensions better respect user privacy and more secure. Next year, Chrome will require users to first approve what sites an extension can access in a change to the default behavior.

Chrome, since 2018, has let you right-click on an extension to access a “This can read and change site data” menu with three options:

  • When you click the extension
  • On example.com
  • On all sites

It’s a powerful capability that gives users the ability to restrict where an extension can run. Next year, Google will make these underlying controls much more prominent. 

At the moment, these third-party add-ons run “on all sites.” Moving forward, Chrome extensions will have to request site-by-site access in a move that greatly limits what browsing data can be seen by default.

You can allow extensions to run on an entire domain. The old behavior that lets them see every single page open — which is needed for ad blockers — also remains an option. Regardless, users have to explicitly grant that permission, thus resulting in a secondary step where extensions no longer run the moment they are installed.

This change to the default level of access that Chrome extensions have is coming sometime in 2021. It will initially be enforced on newly-added extensions, but eventually, apply to everything installed on your browser. 

More about Chrome extensions:

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author