Chrome extensions

Notes about Chrome extensions.

Privacy aka Forget About Privacy

Most useful extensions can view the contents of every web page you visit. That is READ THE CONTENTS OF EVERY WEB PAGE YOU VISIT. I’m not sure people realise how significant this is.

In particular, extensions granted the ‘Read and modify all your data on the websites you visit’ will be able to see anything on any web page whether secure (HTTPS/SSL) or not e.g. your bank details, private conversations, email, usernames etc depending on what websites you use.

There are other permissions that allow extensions to view data on a set of websites, view your browsing history, read files on your computer and a lot of other dangerous stuff.

If you use your browser to access anything vaguely sensitive e.g. online banking, then either disable all extensions or visit the site in incognito mode (ensuring that no extensions were set to ‘Allow in incognito’, which you can see at chrome://extensions).

See Understand permissions requested by apps and extensions for more info.

Where to find extensions on the filesystem

On Linux you’ll find your extensions on the filesystem at the following location:


Where [profile] is the name of your profile, ‘Default’ by default! i.e. ~/.config/google-chrome/Default/Extensions/.

On Windows they’re probably in one of these two places:

C:\Program Files (x86)\Google\Chrome\Application\[version]\Extensions\
C:\Users\[user]\AppData\Local\Google\Chrome\User Data\[profile]\Extensions

Where [version] is the version of Chrome and [user] is your username.

How to identify extensions

Each extension will be in its own directory, which has the same name as its ID.

For example:

me@pc ~/.config/google-chrome/Default/Extensions $ ls -C1

So the first extension listed there has ID aciahcmjmecflokailenpkdchphgkefd.

We can look this up on Google’s webstore using the following URL:[ID]

Where [ID] is the ID of the extension.

E.g. we find that extension with ID aciahcmjmecflokailenpkdchphgkefd is the Entanglement Web App (which is a bundled extension - more on that later): ->


If an ID isn’t found in the webstore, you may get a clue as to what the extension is by looking at its manifest.json file.

E.g. here’s the manifest.json for an extension ID nmmhkkegccagdldgiimedpiccmgmieda that I found on my system, which looks like it must be Google Wallet:

   "app": {
      "background": {
         "scripts": [ "craw_background.js" ]
   "default_locale": "en",
   "description": "__MSG_APP_DESCRIPTION__",
   "display_in_launcher": false,
   "display_in_new_tab_page": false,
   "icons": {
      "128": "images/icon_128.png",
      "16": "images/icon_16.png"
   "key": "MIGf4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzMA0GCSqGSIb3DQEBAQUAAv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuqkHq1bmje6u+pMrTuSS4SSGOSBVh0kpToN8YoJs/P/XTaFTGxQL4yrRd7FEtAC385MeXSjaQfiRiQIDAQAB",
   "manifest_version": 2,
   "minimum_chrome_version": "29",
   "name": "__MSG_APP_NAME__",
   "oauth2": {
      "auto_approve": true,
      "client_id": "",
      "scopes": [ "", "", "", "" ]
   "permissions": [ "identity", "webview", "", "", "", "*" ],
   "update_url": "",
   "version": ""

Bundled / component extensions

Chrome comes with a number of extensions which do not show in the list at chrome://extensions. I found the following on my system:

Entanglement, Google Search, Poppit!, Gmail and YouTube all appear on Chrome’s Apps page at chrome://apps.

I have no idea where Google Voice Search Hotwords and Google Wallet are used.

Load extension from file system

If an extension isn’t available in Google’s webstore you can still download and install it.

WARNING: You should only install an extension if you have inspected its source code to make sure that it isn’t doing anything malicious. Otherwise be very sure that you trust its author!

  1. Download it to your computer. It’ll probably have a .crx extension.
  2. At this point Chrome will be annoying and say “Extensions, apps, and themes can harm your computer. Are you sure you want to continue?” with the options to ‘Discard’ or ‘Continue’. If you click ‘Discard’ then the file won’t be downloaded. Click ‘Continue’ to download it.
  3. Chrome will then refuse to install the extension, with the message “Apps, extensions, and user scripts cannot be added from this website. It will have been downloaded though.
  4. Go to Settings -> Extensions.
  5. Either open your file manager and drag then extension (.crx file) to the Extensions page.
  6. Or…
    1. Unzip the extensions (a .crx file is just a zip file).
    2. Tick ‘Developer mode’ in the Extensions page.
    3. ‘Load unpacked extension….’
    4. Select the directory that contains the unzipped extension.


Last modified: 22/03/2015 Tags:

This website is a personal resource. Nothing here is guaranteed correct or complete, so use at your own risk and try not to delete the Internet. -Stephan

Site Info

Privacy policy

Go to top