Browser extensions topic — development, security, privacy, and ecosystem analysis

Browser Extensions

Browser extensions occupy one of the most interesting and consequential positions in the software ecosystem. They run inside the most security-sensitive application on most people's computers, with access to every page the user visits, every form they fill in, and in many cases the credentials they type. The permission model that governs this access has evolved significantly — from the relatively permissive early Chrome extension days through the increasingly restricted Manifest V3 era — but the fundamental tension remains: extensions need access to be useful, and that same access makes them potentially dangerous.

This topic page collects content from across the site that addresses browser extensions from multiple angles — the development work of building extensions that function correctly across browsers, the security analysis of how extension permissions and behaviours affect users, the privacy implications of the extension ecosystem, and the broader platform dynamics of how browser vendors shape what extensions can and cannot do. The editorial sections of this site organise content by type of writing. This topic page organises it by subject, pulling together the relevant development notes, security investigations, and journal commentary into a single view.

The scope is deliberately cross-section. Understanding browser extensions properly requires seeing the development constraints, the security implications, and the ecosystem dynamics together. A permission decision that seems reasonable from a development perspective might be deeply problematic from a security perspective. A platform policy that improves security might cripple a category of useful extensions. These trade-offs only become visible when you consider the subject from all angles simultaneously.


Building browser extensions

Developing a browser extension that works reliably across Chrome, Firefox, and other Chromium-based browsers involves navigating a platform where the shared WebExtensions specification papers over significant implementation differences. The manifest format, the permission model, the API surface, and the review process all vary in ways that affect real-world development decisions.

Trackerless Magnets Extension

This development case study documents the architecture and implementation of a browser extension that intercepts and modifies magnet links on web pages. The page covers the full development lifecycle — manifest configuration for cross-browser compatibility, content script implementation, URI handling, permissions model decisions, and the specific API differences between Chrome and Firefox that affected the implementation.

What makes this page useful beyond the specific extension is the transferable knowledge about cross-browser extension development. The manifest differences between Manifest V2 and V3, the content script injection patterns, the permission scoping decisions, and the testing methodology all apply to any extension project. If you are planning to build a browser extension and want to understand the practical development experience rather than just the API documentation, this is a good starting point.

The extension development landscape has shifted substantially since the Manifest V3 transition began. Chrome's timeline for deprecating Manifest V2 has been extended multiple times, Firefox has implemented its own interpretation of Manifest V3 with deliberate differences from Chrome's version, and the practical implications for extension developers continue to evolve. The development notes capture specific observations about what works across both platforms and where the implementations diverge in ways that matter.


Security and privacy analysis

The security implications of browser extensions are both significant and poorly understood by most users. Extensions request permissions during installation with descriptions that are technically accurate but practically meaningless to non-technical users. "Read and change all your data on all websites" covers everything from a simple ad blocker to a comprehensive surveillance tool, and the permission model does not distinguish between the two.

Fraud Protection in Alternate Browsers

This investigation examines the fraud protection effectiveness of browsers outside the Chrome ecosystem, including browsers that rely on extensions for security features that Chrome builds in natively. The analysis directly addresses the trade-offs between privacy-focused browsers that limit or disable Safe Browsing and the resulting gap in phishing and malware protection.

The investigation is relevant to the browser extension topic because it exposes the security decisions that alternate browsers make — and the security gaps that extensions are sometimes expected to fill. Can a third-party anti-phishing extension match the protection that Chrome's built-in Safe Browsing provides? The investigation provides specific data rather than assumptions, testing the actual protection latency and coverage.

For anyone who recommends or uses privacy-focused browsers, the question of whether security extensions can adequately replace built-in protections is not theoretical — it affects real users encountering real phishing pages. This page provides the evidence base for answering that question honestly.


Browser economics and the extension ecosystem

The business models of browser vendors directly shape the extension ecosystem. Google's decisions about the Chrome Web Store, the Manifest V3 permission model, and the review process affect every Chrome extension developer. Mozilla's decisions about Add-on signing, review requirements, and API compatibility affect Firefox extension developers. And the increasing dominance of Chromium as the browser engine used by Edge, Brave, Vivaldi, Opera, and others means that Chrome's extension platform decisions ripple across the entire ecosystem.

Brave Payments

Brave's approach to the web monetisation problem — block all ads, replace them with Brave's own advertising system, distribute cryptocurrency to publishers — is inseparable from its identity as a browser with specific extension-like built-in features. This journal entry documents the practical experience of participating in the Brave Payments ecosystem as a publisher, assessing whether the model works at the scale of an independent site.

The entry matters for the browser extension topic because Brave represents a specific philosophy about what should be built into the browser versus what should be left to extensions. By building ad blocking and payment features into the browser itself, Brave makes a statement about the limits of the extension model — and about what happens when the most popular extensions (ad blockers) threaten the economic model of the dominant browser vendor (Google). The practical experience documented here grounds that philosophical discussion in actual revenue numbers and real implementation details.


The Manifest V3 transition

The single most consequential development in the browser extension ecosystem over the past several years has been Chrome's Manifest V3 migration. The transition changes how extensions intercept and modify network requests, replacing the powerful webRequest blocking API with a more limited declarative model (declarativeNetRequest). The stated rationale is security and performance. The practical effect is that an entire category of extensions — including the most powerful ad blockers and privacy tools — must be redesigned with reduced capabilities.

Firefox's response has been to implement Manifest V3 while preserving blocking webRequest support, creating a meaningful platform differentiation for the first time in years. This divergence matters enormously for extension developers and for users choosing between browsers based on extension capability.

The development notes and security analysis across this site's coverage track the practical implications: what breaks, what adapts, what disappears. The Trackerless Magnets Extension development notes capture specific cross-platform observations. The fraud protection investigation provides context for understanding the security claims that motivate the Manifest V3 restrictions.


What readers usually need

Readers arriving at this topic page typically have one of these questions:

  • How to build a cross-browser extension → Trackerless Magnets Extension provides a practical development case study covering manifest configuration, content scripts, and cross-platform compatibility
  • Whether alternate browsers provide adequate security → Fraud Protection in Alternate Browsers tests the actual protection levels and extension-based alternatives
  • Brave's monetisation model from a publisher perspective → Brave Payments documents the practical experience and honest revenue assessment
  • Understanding the extension ecosystem dynamics → This page provides the connecting context between the development, security, and economic dimensions

This topic page is one of several cross-section hubs on the site. The topics index provides the full list of available topic clusters. If you are looking for content organised by editorial type rather than by subject, the section hubs are:

Browser extensions touch several of these sections, and the pages linked from this topic hub are the ones most directly relevant. As new content is published that addresses browser extension themes, it will appear here alongside the existing coverage.