Sun, Jul 12, 2026NY 7:15 PM EDTLA 4:15 PM PDTLON 12:15 AM GMT+1PAR 1:15 AM GMT+2DXB 3:15 AM GMT+4SIN 7:15 AM GMT+8TOK 8:15 AM GMT+9SYD 9:15 AM GMT+10UTC 11:15 PM UTCBTC delayed quote CoinGeckoETH delayed quote CoinGeckoFresh explainers, verified sources, practical next steps
Strangely Useful

Clear, verified help for apps, money, security, AI, and everyday tech problems.

Sections
Start with topic hubsSpot fake supportFix a wrong Cash App paymentLatest storiesTopicsMoney & ChargesSearchInternet & CultureTech & AISecurity & TrustPractical TechnologyMoney & PaymentsBrowser & PrivacyAI ToolsSoftware & ServicesInternet Culture & Everyday WorkflowsHidden HistoryUseful ThingsEntertainmentQuizzesAboutHow we workHow guides are madeNewsletter
Browser & Privacy - list

Read a Browser Extension's Permissions Before You Trust Its Reviews

A five-star rating cannot tell you whether an extension can read every page you visit. The permission screen can—and it deserves a minute before installation.

Last verified July 11, 20262 sources checkedEditorial standards
A browser extension module sits beside several clearly separated permission zones.
Read a Browser Extension's Permissions Before You Trust Its ReviewsA browser extension module sits beside several clearly separated permission zones.Permissions describe an extension's potential reach, even when its current behavior appears harmless. Illustration: Strangely Useful. Generated for Strangely Useful; provenance retained.
In this story5 sectionsStart with the job-to-permission matchWarning phrases worth slowing down forCheck who is maintaining itReduce access after installationWhen an extension should not be installed

The most important extension question is not how many stars it has; it is what data and pages it can access. An extension that can read and change data on every website may need that power for its job, but the permission also creates a large consequence if the extension is compromised, sold or malicious.

Start with the job-to-permission match

A spelling assistant may reasonably need page access where you type. A coupon finder may ask to inspect shopping pages. A simple color picker asking to read every site all the time deserves more scrutiny. The Chrome and Firefox extension systems disclose requested permissions, although wording and timing differ.

Host permissions control access to matching sites. API permissions unlock browser capabilities such as tabs, downloads, history, notifications or storage. Optional permissions can be requested later when a feature needs them. A permission is not proof of abuse; it is the maximum surface you are agreeing to expose.

Warning phrases worth slowing down for

  • Read and change your data on all websites: potentially broad visibility into page contents and interactions.
  • Read your browsing history: access to visited URLs and related metadata.
  • Manage downloads: the ability to initiate or inspect download activity.
  • Communicate with cooperating native applications: a bridge beyond the browser sandbox.
  • Access clipboard data: potentially sensitive copied content, depending on browser controls.

Check who is maintaining it

Look for a coherent publisher identity, a privacy policy that describes actual collection, a maintained support page and recent updates. Search the extension's exact name and identifier, not just its marketing name. Read low and recent reviews for reports of changed behavior. None of these signals is decisive alone, but missing or contradictory information raises the cost of trust.

Beware the ownership change

An extension can be safe when installed and change later. Automatic updates are essential for fixes, yet they also mean publisher changes matter. If a familiar tool suddenly requests new permissions, shows ads or redirects searches, disable it while you investigate. Do not click through a surprise permission expansion because the extension used to be trustworthy.

Reduce access after installation

Chrome lets users control whether an extension runs on click, on specific sites or on all sites when the extension supports that access model. Firefox exposes extension permission information and controls as well. Give an extension the smallest site list that still lets its core function work.

  1. Open the browser's extensions page.
  2. Remove tools you no longer recognize or use.
  3. Open Details or Permissions for each remaining extension.
  4. Restrict site access to On click or a small allowlist when possible.
  5. Disable private-window access unless the extension is needed there.
  6. Review again after any new permission prompt.

When an extension should not be installed

Skip it if the job is trivial and the permission is sweeping, the publisher cannot be identified, the privacy policy is generic or missing, or the same task is built into the browser. A bookmarklet or website is not automatically safer, but reducing persistent privileged code is a reasonable goal.

Extension safety is ongoing maintenance, not a one-time verdict. Install fewer, match power to purpose, narrow site access and treat new permission requests as a new decision. That takes longer than reading the average review—but it examines what the extension can actually do.

Sources & methodology2 sources - evidence for this revision

The records below show what each source supports in this published revision.

  1. Declare permissionsChrome for Developersreference - Retrieved Jul 12, 2026

    What it supportsExtension host permissions and API permissions define access to sites and browser capabilities. - Chrome users can adjust extension site access in the extension details interface.

  2. Permission request messages for Firefox extensionsMozilla Extension Workshopreference - Retrieved Jul 12, 2026

    What it supportsExtension host permissions and API permissions define access to sites and browser capabilities.

The Useful Dispatch

Keep the good rabbit holes coming.

The weekly email is being prepared. No address is collected yet.

See the newsletter plan →