Extensions are powerful because they can read and change web pages. That also makes them a risk. The goal is to keep only the ones you trust and restrict their access.

Audit your extension list

  • Remove anything you do not use weekly.
  • Prefer extensions from known publishers.
  • Check reviews and update history.

Limit access

Many browsers let you set extension permissions to "On specific sites". Use that setting so extensions only run where they are needed.

Least privilege applies to browsers too.

Watch for risky permissions

Be cautious of extensions that ask to read all data on every website, especially if they do not need it to function.

A smaller extension list means less attack surface. Aim for five or fewer.