From stricter disclosures to an entirely new platform, Google has been continuously working to make extensions better respect user privacy and more secure. Next year, Chrome will require users to first approve what sites an extension can access in a change to the default behavior.|
Chrome, since 2018, has let you right-click on an extension to access a “This can read and change site data” menu with three options:
When you click the extension
On all sites
It’s a powerful capability that gives users the ability to restrict where an extension can run. Next year, Google will make these underlying controls much more prominent.
At the moment, these third-party add-ons run “on all sites.” Moving forward, Chrome extensions will have to request site-by-site access in a move that greatly limits what browsing data can be seen by default.
You can allow extensions to run on an entire domain. The old behavior that lets them see every single page open — which is needed for ad blockers — also remains an option. Regardless, users have to explicitly grant that permission, thus resulting in a secondary step where extensions no longer run the moment they are installed.
This change to the default level of access that Chrome extensions have is coming sometime in 2021. It will initially be enforced on newly-added extensions, but eventually, apply to everything installed on your browser.