Browser extensions require users to grant permissions to access various aspects of the browser. Depending on the access granted, an extension can interact with the user's browser to view browsing patterns, the content of web pages, credentials entered, browsing history, and so on. If the reliability of an extension is questionable, the safety of that data cannot be guaranteed. Browser Security Plus classifies extensions that use permissions which could lead to data leaks as potentially harmful extensions. By default, Browser Security Plus identifies extensions that use the native messaging and web requests permissions as potentially harmful. IT admins can further restrict the use of extensions that use any of the following permissions, based on their requirements. With the Chrome extension management feature, IT admins can disable extensions directly or blacklist permissions. When permissions are blacklisted, all extensions that use the blacklisted permissions are disabled on users' browsers.
The intent of each permission used by extensions is defined below:
Permission | Description | |
2-factor devices | Allows app or extension to communicate with devices with 2-Factor Authentication that support U2F. | |
Active tab | Requests that the extension be granted permissions according to the active tab specification. | |
Alarms | Schedules tasks to run periodically or at a specified time. | |
Audio capture | Allows app or extension to capture audio directly from the microphone. | |
Background | Makes the browser start up early and shut down late, so that apps and extensions can have a longer life. | |
Bookmarks | Gives your extension access to create, organize, and otherwise manipulate bookmarks. | |
Browser | Gives apps access to interact with the browser associated with the current application and its profile. | |
Browsing data | Gives your extension access to remove browsing data from a user's local profile. | |
Clipboard read | Allows app or extension to read the contents of the clipboard at any time. | |
Clipboard write | Indicates the extension or app uses cut and copy commands. | |
Content settings | Gives your extension access to customize browser's behavior on a per-site basis instead of globally. | |
Context menus | Allows app or extension developers to add items to the context menu in browser. To open the context menu, users right-click a webpage. | |
Cookies | Gives your extension access to query and modify cookies, and to be notified when they change. | |
CPU metadata | Allows app or extension to query metadata about the system's CPU. | |
Debugger | Gives your extension access that allows tools to instrument, inspect, debug and profile the browser. | |
Declarative content | Gives your extension access to take actions depending on the content of a page, without requiring permission to read the page's content. | |
Downloads | Gives your extension access to programmatically initiate, monitor, manipulate, and search for downloads. | |
Desktop capture | Allows app or extension to capture screen, window, or tab content. | |
Detect idle | Allows app or extension to detect when the device's idle state changes. | |
Display metadata | Allows app or extension to query metadata about the system's display. | |
File system | Allows app or extension to create, read, navigate, and write to the user's local file system at a user-selected location. | |
Font settings | Gives your extension access to manage browser's font settings. | |
Geo location | Allows app or extension to get the user's current location. | |
Google Cloud Messaging | Allows app or extension to send and receive messages through the Google Cloud Messaging service. | |
HID | Allows app or extension to interact with connected Human Interface Devices (HIDs). Apps can function as drivers for hardware devices. | |
History | Gives your extension access to interact with the browser's record of visited pages. You can add, remove, and query for URLs in the browser's history. | |
Identity | Allows app or extension to get OAuth 2.0 access tokens. | |
Management | Gives your extension access to manage the list of extensions/apps that are installed and running. It is particularly useful for extensions that override the built-in New Tab page. | |
MDNS | Gives your app access to discover services over mDNS. | |
Media gallery | Gives your app access to media files (audio, images, video) on the user's local disks (with the user's consent). | |
Memory metadata | Allows app or extension to access media files from a user's device with the user's consent. Media files include audio, images, and video. | |
Native messaging | Allows app or extension to exchange messages with native apps on user's devices. Native apps must be registered as a native messaging host. | |
Network metadata | Allows app or extension to query metadata about the system's network. | |
Notifications | Allows app or extension to create notifications and display them in the user's system tray. | |
Page capture | Gives your extension access to save a tab as MHTML. | |
Pointer lock | Required to use Pointer Lock via calls to requestPointerLock or Pepper's Mouse Lock API. | |
Privacy | Gives your extension access to control usage of the features in browser that can affect a user's privacy. | |
Power | Allows app or extension to override the operating system's power-management features. | |
Printers | Allows app or extension to control printers, submit print jobs, and query the status of a print job. | |
Serial | Allows app or extension to read from and write to a device connected to a serial port. | |
Sessions | Gives your extension access to query and restore tabs and windows from a browsing session. | |
Socket | Gives your app access to send and receive data over the network using TCP and UDP connections. | |
Set proxy | Allows app or extension developer to set or modify a proxy for specific URLs. | |
Storage | Allows app or extension to store, retrieve, and track changes to a user's data. | |
Storage metadata | Allows app or extension to query metadata about the system's storage. | |
Tab capture | Gives your extension access to interact with tab media streams. | |
Tabs | Gives your extension access to interact with the browser's tab system. You can use this API to create, modify, and rearrange tabs in the browser. | |
Top sites | Gives your extension access to the top sites that are displayed on the new tab page. | |
Text to speech | Allows app or extension to play synthesized text-to-speech (TTS). | |
TTS engine | Gives your extension access to implement a text-to-speech (TTS) engine using an extension. | |
Sync file system | Allows app or extension to save and synchronize data in Google Drive. | |
Unlimited storage | Removes limit on how much data an extension or app can store on a user's computer. | |
USB | Allows app or extension to communicate with USB devices so an app can function as a driver for hardware devices. | |
Video capture | Allows app or extension to capture video directly from a user's camera. | |
Virtual keyboard | Gives your app access to configure virtual keyboard layout and behavior in kiosk sessions. | |
Web navigation | Gives your extension access to receive notifications about the status of navigation requests in-flight. | |
Web requests | Allows app or extension to observe and analyze web traffic. It also intercepts or modifies in-progress requests. | |
Web view | Required if the app uses the Webview Tag to embed live content from the web in the packaged app. |
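
The classification described above can be illustrated with a short audit script over extension manifests. This is an added example, not Browser Security Plus code: the manifest strings `nativeMessaging` and `webRequest` are assumed to correspond to the "Native messaging" and "Web requests" rows, and the "review" verdict for optional permissions is a policy choice made for this example only.

```python
import json

# Manifest strings for the two permissions the page lists as flagged by default.
# Mapping the display names to these strings is an assumption of this example.
DEFAULT_BLOCKED = {"nativeMessaging", "webRequest"}

def _names(entries):
    """Flatten a manifest permission list; apps may use {"socket": [...]} objects."""
    names = set()
    for entry in entries or []:
        if isinstance(entry, str):
            names.add(entry)
        elif isinstance(entry, dict):
            names.update(entry.keys())
    return names

def classify(manifest_text, admin_blocked=()):
    """Return the verdict for one manifest.json against the permission blocklist."""
    manifest = json.loads(manifest_text)
    blocked = DEFAULT_BLOCKED | set(admin_blocked)
    required = sorted(_names(manifest.get("permissions")) & blocked)
    optional = sorted(_names(manifest.get("optional_permissions")) & blocked)
    if required:
        verdict = "disable"
    elif optional:
        verdict = "review"  # only requested at runtime; handling assumed here
    else:
        verdict = "allow"
    return {"name": manifest.get("name", "<unnamed>"), "verdict": verdict,
            "required": required, "optional": optional}

# Constructed sample manifests (not real extensions).
SAMPLES = [
    '{"name": "Helper", "permissions": ["storage", "webRequest", "https://*/*"]}',
    '{"name": "Notes", "permissions": ["storage"], "optional_permissions": ["nativeMessaging"]}',
    '{"name": "SerialTool", "permissions": [{"socket": ["tcp-connect"]}, "clipboardRead"]}',
]

if __name__ == "__main__":
    # An admin additionally blacklists clipboard read on top of the defaults.
    for text in SAMPLES:
        print(classify(text, admin_blocked={"clipboardRead"}))
```

Host patterns such as `https://*/*` share the `permissions` array with API permissions, so the check matches exact permission names rather than substrings.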