
Browser extensions are useful, but they also sit close to the places where people do their most sensitive work: email, banking, payroll, shopping, cloud files, and customer portals. A stale coupon extension, PDF helper, shopping toolbar, or meeting add-on may still have permission to read data on websites you visit even if nobody has used it in months.
Today’s practical tip is simple: spend 10 minutes reviewing the extensions installed in your main browser, remove anything you no longer use, and tighten site access for anything that should not run everywhere.
Why this matters
Extensions can customize your browser, block unwanted content, manage passwords, take screenshots, translate pages, save receipts, or connect business apps. The tradeoff is permission. Some extensions can read and change website data, run in the background, or interact with pages that contain private business information.
That does not mean every extension is bad. It means extensions should be treated like installed software. Keep the ones you trust and actually need. Remove the forgotten ones. For a small business, this is especially important on computers used for accounting, email administration, customer records, remote access, banking, or Microsoft 365/Google Workspace administration.
The 10-minute extension audit
- Open your browser’s extension manager. In Chrome, go to More > Extensions > Manage extensions, or type
chrome://extensionsin the address bar. In Edge, choose Extensions > Manage extensions, or typeedge://extensions. In Firefox, open Add-ons and themes, or typeabout:addons. - Read the list slowly. For each extension, ask: Do I recognize it? Do I still use it? Do I know why it is installed? Was it installed by work, school, or an IT policy?
- Remove extensions you do not need. If it is old, unfamiliar, duplicated, or tied to a service you no longer use, remove it instead of leaving it disabled forever. You can always reinstall a trusted extension later from the official browser store.
- Check website access permissions. In Chrome, open an extension’s Details page and look for site access. If an extension only needs to work on one website, avoid giving it access to all sites. Use “on click,” “on specific sites,” or the narrowest option available when it still works for your workflow.
- Look for incognito/private window access. Most extensions do not need to run in private browsing. If you previously allowed one to run there, turn that off unless there is a clear business reason.
- Update the browser. Extension security also depends on the browser being current. If the browser is waiting for a restart to finish an update, restart it after saving your work.
- Document the keepers on shared computers. For office machines, keep a short list of approved extensions such as the password manager, printer helper, meeting tool, or security add-on. That makes the next review faster and helps spot surprises.
What to remove first
- Extensions you do not recognize. Do not assume they are harmless because they have been there a long time.
- Old shopping, coupon, or price-tracking tools. These often ask to see shopping pages and may follow browsing behavior more than people expect.
- Duplicate PDF, screenshot, translation, or grammar tools. If the browser or your normal apps already handle the task, you may not need the extra extension.
- Extensions installed as part of old desktop software. Google notes that Windows or Mac applications can install Chrome extensions, and the browser may prompt you to enable or remove them.
- Unsupported or disabled extensions. If the browser has disabled an extension because it no longer meets current requirements, find a trusted replacement or remove it.
Small-business version of this tip
If you manage a small office, do the same review on one computer from each role: front desk, bookkeeping, management, sales, and field laptops. You are looking for patterns. If one workstation has a strange extension, that may be a one-off mistake. If several machines have it, it may have come from a shared installer, synced browser profile, or a user habit that needs a quick policy change.
For higher-risk users, keep the browser cleaner than normal. The person who handles payroll, company banking, admin portals, vendor payments, or customer records should have only the extensions needed for that job. Fewer extensions mean fewer prompts, fewer surprises, and less code running on sensitive pages.
Cautions before you start deleting
- Do not remove a managed work extension without checking. If the browser says it is managed by your organization, your IT provider may have installed security, filtering, password management, remote support, or compliance tools on purpose.
- Be careful with password managers. If your password manager is a browser extension, do not remove it unless you know how to sign back in and confirm your passwords are safely stored in the password manager account.
- Removal may change workflows. A printer portal, scanner upload tool, meeting scheduler, or accounting integration may stop working until the correct extension is reinstalled.
- Watch for extensions that come back. If you remove an extension and it reappears, another desktop program, sync setting, or management policy may be reinstalling it.
When to call an IT professional
- An extension has a strange name, broad access to every website, and nobody remembers installing it.
- The browser homepage, search engine, new tab page, or pop-up behavior changed unexpectedly.
- An extension cannot be removed, keeps coming back, or says it is controlled by an unknown organization.
- A computer used for banking, payroll, admin email, or customer data had suspicious extensions installed.
- You need an approved browser-extension list for multiple employees or want to block risky extensions by policy.
The goal is not to run a perfect forensic investigation every Friday. The goal is to keep your everyday browser boring, predictable, and limited to the tools you actually trust.