Why Do Chrome Plugins Need Access To ‘All My Data’ and ‘Browsing Activity’?

Chris Hoffman 14-11-2012

chrome plugin privacyIf you’ve installed Chrome plugins The Best Chrome Extensions A list of only the best extensions for Google Chrome, including suggestions from our readers. Read More , you’ve probably seen a warning that they can access your data on all websites, your tabs and browsing activity, or even all the data on your computer. This warning can be scary, especially if you’re installing a simple browser extension that looks harmless.


Chrome has a permissions system, just like Android does How Android App Permissions Work and Why You Should Care Android forces apps to declare the permissions they require when they install them. You can protect your privacy, security, and cell phone bill by paying attention to permissions when installing apps – although many users... Read More . Unfortunately, the way web browsers and web pages work means that extensions must ask for quite a few permissions to do simple things. Chrome’s permissions system is not particularly fine-grained.

Plugin Permissions

Unlike Mozilla Firefox and Internet Explorer 7 Useful Tips & Tricks For Internet Explorer 9 Users Tech websites write a lot about Google Chrome and Mozilla Firefox, so it’s easy to feel a bit left out if you use Internet Explorer. Internet Explorer 9 is easily the best version of Internet... Read More , both of which allow extensions to do anything they want, Chrome uses a permission system for its extensions. All Chrome plugins must declare the permissions they need. When you install a plugin, you’ll see a list of the permissions it requires. This gives you some idea of what a plugin can do. For example, if an extension doesn’t require any permissions, it’s definitely safe to install. If an extension requires permission to access all the data on your computer, you should be sure the extension was created by someone you trust.

Very simple plugins, such as the Timer plugin, which displays a timer button on your browser toolbar and doesn’t interact with any websites, don’t need any permissions.

chrome plugin privacy

Other plugins need different types of permissions, depending on what they do.


Access Your Data On All Websites

Plugins that interact with web pages need to declare the permissions “Access your data on all websites.” Plugins that need to see the addresses and titles of the websites you visit must declare the permission “Access your tabs and browsing activity“.

For example, LastPass LastPass for Firefox: The Ideal Password Management System If you've not yet decided to use a password manager for your myriad logins online, it's time you took a look at one of the best options around: LastPass. Many people are cautious about using... Read More is a password manager Password Manager Battle Royale: Who Will End Up On Top? Read More that needs to detect what website you’re visiting, automatically fill forms with your saved passwords, and detect when you’ve entered a password and offer to save it. The LastPass Chrome extension must ask for all these permissions because it needs to view the websites you’re accessing and run JavaScript code on the pages you visit.

better privacy plugin chrome

Other less-invasive extensions may also request these permissions. Any extension that works by running JavaScript code on the websites you visit must be able to “Access your data on all websites“. For example, the colorPicker plugin allows you to select a color used on the current website and view its exact color code. It functions by running JavaScript code on the current page, so it must be able to access all your data.


Google has no way of knowing whether an extension that manipulates the pages you visit is doing something innocuous, like picking a color 3 Color Picker Add-Ons For Web Designers & Graphic Artists [Firefox] Eyedroppers and color pickers can work outside a mammoth graphic tool like Photoshop and CorelDraw. Most of these tools are small and portable. But today, we will diverge from desktop color picking tools and look... Read More , or doing something more dangerous, such as spying on your credit card number and payment information.

better privacy plugin chrome

Extensions that only work on a single website, such as an extension that adds additional features to Gmail 6 Cool Google Chrome Extensions for Gmail Users If you're like me, you use Gmail for all of your email needs, even across multiple email accounts. Although there are plenty of email clients available, Gmail is often easier to use, quicker, and nearly... Read More , will only have the permission to access your data on that specific website. Extensions like LastPass and colorPicker must run everywhere and need more permissions.

better privacy plugin chrome


Access All Data On Your Computer

Some Chrome plugins aren’t just Chrome extensions. They include NPAPI plugins. NPAPI plugins are essentially just programs that run on your computer. Browser plugins like Adobe Flash, Oracle Java Is Java Unsafe & Should You Disable It? Oracle’s Java plug-in has become less and less common on the Web, but it’s become more and more common in the news. Whether Java is allowing over 600,000 Macs to be infected or Oracle is... Read More , and Adobe’s PDF reader are all NPAPI plug-ins.

When a Chrome extension contains an NPAPI plugin, it has the permission to “Access all data on your computer and the websites you visit.” The NPAPI plugin runs just like a program on your computer with access to your everything on your system. You should be careful about installing Chrome plugins with this permission – it’s just like installing a program on your computer.

For example, LastPass has a special version of its Chrome plugin available from its website. This plugin has the ability to share your LastPass login state with other web browsers running on your computer. It works by using an NPAPI plugin that runs as a program on your computer.

chrome personal data


Plugins In Other Browsers

While Chrome’s permission warning messages can seem a bit scary to some users, it’s important to consider that the situation is worse with other web browsers.

For example, when you install a Firefox add-on The Best Firefox Addons Firefox is famous for its extensions. But which addons are the most useful? Here are the ones we think are best, what they do, and where you can find them. Read More , the add-on has full permission to access your entire computer, if it wants. There’s no permission system in Firefox. The only limitation is Windows’ User Account Control The MUO Security Checklist: What You Need To Do Right Now To Be Safe Security can be an overwhelming subject – there are so many potential problems we need to think about when securing our computers, our online accounts, and our wireless networks. This list should help simplify things... Read More , which prevents the add-on from running with administrator privileges.

If you pay attention while installing a Firefox add-on, you’ll see a similar warning message, although it’s less specific than Chrome’s warning message.

chrome plugin privacy

This also applies to all other software on your computer. When you install a Windows desktop application, it has full access to every file on your computer and the ability to monitor your browsing activity – if it wants to.

While it would be nice if Chrome’s extension permission system was more fine-grained, it would be extremely difficult to limit what more powerful extensions can do. To see a full list of Chrome plugin permission and a short explanation of each, read this page on Google’s website.

How much attention do you pay to permissions when you install Chrome plugins? Have you avoided installing plugins when they ask for lots of permissions, or does Chrome’s permission system provide so many warnings that you ignore them? Leave a comment and share your thoughts!

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. gemini
    May 9, 2013 at 1:38 pm

    i cannot install ant addons asking for access all data. i may not have a problem if they collect my browsing history, since their function may well depend on it, but the thought that they can collect passwords (when it is not their main function) is quite scary. basically i can own a rolls royce that has a renault interior and i cannot buy any options because of these permissions.

  2. mohit kumar
    November 18, 2012 at 6:19 am

    Firefox is the best browser in terms of usability of addons.

    Further I don't like Chrome because of privacy concerns. Why the hell I need a google account to install addons. Chrome webstore takes minutes to load. And if I use other chromium-based browsers, google doesn't allow to install extensions, nor user scripts.

    Basically, I don't like to put all my eggs in one basket.

    I prefer DuckDuckGo than google search.
    Outlook/ Rediffmail over gmail.
    Facebook/ Twitter over g+(worst social network).

  3. Kyle Venter
    November 17, 2012 at 4:51 pm

    Ha, ha, ha, this article is brilliantly written but is quite a laugh. So, those of you who think denying an app permissions is protecting your privacy? All your information is already known by large secretive U.S corporations, they control the world and all of us like little puppets, using their media to herd us left or right. Don't worry about plugins, Google already knows how fast you can walk, your gate and how many hairs you have on your left bumb cheek. I wouldn't worry about plugins when military satellites can peer through your roof from space and in high definition.

    • mohit kumar
      November 18, 2012 at 6:21 am

      Thanks for opening people's minds.

      I'm trying hard not to use google services/ products though.

    • Kevin Wiley
      November 18, 2012 at 4:33 pm

      Wow, providing the real scoop and even using your real name... Brave

    • Chris Hoffman
      November 30, 2012 at 1:04 pm

      Well, for the sake of argument, let's accept that everything you said is true.

      Even if this is true, installing a bad plugin could be a bad thing -- a private citizen could spy on you to get your credit card number or online banking information and mess up your life.

      • Kyle Venter
        November 30, 2012 at 1:37 pm

        Well, yeh Chris you are absolutely correct in that, anyone can theoretically gain access through a plugin, but then again, these days anyone can anyway, through war driving on a simple Android smartphone, even WEP, WPA etc etc keys can be cracked with the correct algorithm. A private citizen can do this all if they so wished, I reckon the problems are much deeper than a simple hacker or a poor geek who has found a way to feed his starving family, like Robin of the Hood. As long as the poor keep getting poorer, and the rich Western piggies keep getting fatter and destroying our fragile ecology even more than they have already with among other things, Nuclear weapons and the dictation of 'proper societal structuring', as long as this continues, there will always be a 'robin hood' or, if he steals money from you or I, a 'thief', in the woodwork. The increasing of policing of the internet is just an extension of the already chaotic police society created by Western Fear paradigm, built through using the media to propagate mass fear where, in fact, the very cause of those terrorism acts where the gestapo's actions in the first place. I wonder who the real people are that need to be feared? Let me just make clear that I in no way condone violence to bring about any change and I believe that the central problem in our modern society is greed, plain and simple, greed, it is why, the powerful want to control and it is why those made to suffer rise up in violent protest and action. I mean, if your kids where starving, what would you do? If bombs where falling out the sky, what would you do? This I am seeing here is simply another form of control by those who have power and priveledge, trying to steer the 'sheep' into the little boxes of control they they see as the route to providing the greatest profit for their greedy fat pale bellies. But no matter what you or I do or say, it will never change what 'they' want to happen. No amount of violence, hatred, killing, bribing, can stop what those in power wish to accomplish for their own benefit. That is, I am afraid, human nature and ultimate power corrupts, completely and totally, regardless of the 'constitution', man will always mold words to fit his/her objective. I just wish people would listen to the words of their forfathers, who knew about things such as greed, corruption and destruction. If we followed the wise of old we would not be doing this to ourselves and to our brothers and sisters. SO, in conclusion, Google will do what they want to do, we are the sheep and must follow, what was once completely 'free' will be made 'controlled' due to greed and glutony, not privacy and safety. One day when man has turned all that was good and clean into a twisted knot of filth, hate, greed and lust, then, maybe, then we will see in the mirror what we have become, me, you and I, included, and maybe then, we will all decide in one single moment, to treat others as we ourselves would like to be treated.

        • Alberto Lerma
          March 16, 2013 at 6:49 am

          Too Long/Boring/Paranoid; Didn't Read.

          I have a ton of shit in my devices and guess what? IDGAF if anyone is watching. And I think that MUO is not the best place for your shitty pseudo-manifesto, maybe a personal blog would be better.

  4. Anonymous
    November 16, 2012 at 5:24 am

    They need to take this to the next level and explain WHY? Sometimes the reasons are not obvious. But if it listed explicity why it was accessing what it does then I could at least attempt to make a good choice.

  5. Arron Walker
    November 15, 2012 at 5:14 pm

    I never really liked how the permissions worked in Chrome. I still don't, but now I understand at least. I didn't realise firefox did that - guess that's one more reason to stick to chrome.

    • Chris Hoffman
      November 30, 2012 at 1:03 pm

      Yup, they made an effort in Chrome, at least. It's helpful to realize that Firefox/the Windows Desktop don't bother trying to use such permissions at all.

  6. susendeep dutta
    November 15, 2012 at 4:00 pm

    I don't like to install many extensions in chrome as they too consume more RAM and I didn't like the permissions at first sight.But after this article,it realized me of its importance.

  7. Easton Wiki
    November 15, 2012 at 12:05 pm

    I wish extensions required less memory. They all add up so quickly =(

  8. Anonymous
    November 15, 2012 at 8:17 am long as a chrome extension gets the job done i dont really care what all permissions its asking for ...though i definitely hope that it does not do anything malicious ..i dont know but i hope that google checks for such malicious stuff before it adds any extension to its store.

  9. Lisa Santika Onggrid
    November 15, 2012 at 5:18 am

    I know my way around computers so the warnings are okay with me. Though it's meant to ensure safety, it'll scare common users or induce some sort of paranoia.Basic rules: If you don't know the program asking you permissions, chances are they're not meant to be there. Chrome is a pretty good browser but maybe not as user friendly.

  10. Sean A
    November 15, 2012 at 12:47 am

    Just a little to stalkerish but it is the best browser

  11. sophie
    November 14, 2012 at 11:22 pm

    Overly attached browser