ExtensionTrust

How to Tell If a Browser Extension Is Safe

By

Checking whether a browser extension is safe to install

A browser extension runs inside your browser, often with permission to read everything you do on the web. A good one is genuinely useful; a bad one can quietly log your passwords, inject ads, or sell your browsing history. The store listing alone won't tell you which is which. Here is the checklist we run on every extension we profile.

1. Check who actually publishes it

Scroll to the "offered by" or publisher name on the store page. Is it a real, named company or developer you can look up? Click through to their website. An extension from a verified publisher with a public company behind it is far safer than one from an anonymous account created last month. No identifiable publisher is a red flag, not a dealbreaker — but it raises the bar for everything else.

2. Read the permissions it requests

This is the single most important step. When you click "Add to browser", the popup lists what the extension can do. Ask: does it need this to do its job? A note-taking extension that wants to "read and change all your data on all websites" is over-reaching. A spell-checker that wants access to your browsing history makes no sense. We explain each permission in plain language in our guide on browser extension permissions explained.

3. Look at the user count and ratings — carefully

A million users and 4.7 stars is reassuring, but not proof. Ratings can be inflated, and popularity doesn't equal safety (popular extensions are bigger targets for acquisition and abuse). Read the recent 1- and 2-star reviews specifically — that's where people report sudden ads, broken features after an update, or privacy concerns.

4. Check when it was last updated

An extension that hasn't been updated in two or three years is a risk: the developer may have abandoned it, leaving security holes unpatched — or worse, it may have been sold to a new owner (more on that below). Recent, regular updates from the same publisher are a good sign.

5. Find the privacy policy and search it

A trustworthy extension links to a privacy policy that says what data it collects and what it does with it. Open it and search (Ctrl/Cmd-F) for words like "sell", "third party", "analytics" and "browsing". If there is no privacy policy at all for an extension that can see your web activity, treat that as a serious warning.

6. Watch for ownership changes

Extensions are bought and sold like any other asset. A safe, beloved tool can change hands and turn into adware or spyware overnight, pushed silently through an auto-update. If reviews suddenly mention new ads or strange behaviour "after the latest update", that's the tell. We cover this pattern in depth in why browser extensions get sold and turn malicious.

The shortcut

Running all six checks by hand takes time. That's exactly what this site automates: paste an extension's name or store link into our safety checker and we'll show you its publisher, permissions, privacy facts and a safety grade — each backed by a documented source. You can also browse our extension safety profiles or see the safest options ranked by category, like the best ad & content blockers.

Want to know how we turn these checks into a grade? Read our scoring methodology.