VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

At Chrome Dev Summit 2020 today, Google announced it will change how extensions access data and how extension permissions work in 2021. On January 18, a day before the release of Chrome 88, Google will require that every extension publicly display its privacy practices and will limit what developers can do with the data they collect.

With over 1 billion users, Chrome is both a browser and a major platform. The Chrome Web Store hosts more than 250,000 extensions and themes with 4 million Chrome extensions downloaded every day. These privacy changes will impact not just users and developers but businesses too, from startups that build extensions to enterprises that rely on extensions for internal and external use.

The first change means that Chrome users next year will determine which websites an extension can access when they browse the web. Once you grant an extension permission to access a website’s data, that preference can be saved for that domain. Today, the extension makes that call. In 2021, you will still be able to grant an extension access to all the websites you visit, but that won’t be the default.

Chrome extensions privacy practices


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

Google outlined the second change last month: “each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language.” The company also updated its user data privacy policy with an addition to how extension developers use data they collect. Specifically:

  • Ensuring the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension.
  • Reiterating that the sale of user data is never allowed. Google does not sell user data and extension developers may not do this either.
  • Prohibiting the use or transfer of user data for personalized advertising.
  • Prohibiting the use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers.

Starting January 18, listings for extensions on the Chrome Web Store will show whether the developer has certified that their extension complies with the above.

Chrome potentially harmful extensions disabled

This is part of a bigger effort by Google to improve extension security and privacy. Back in May, Google added a new Safety Check with the release of Chrome 83 that tells you if the passwords you’ve asked Chrome to remember have been compromised, whether Google’s Safe Browsing service is turned off, if your Chrome version is up-to-date, and whether any malicious extensions are installed. Since then, Google says that the number of malicious extensions that Chrome disabled to protect people grew by 81%.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.