contentSettings

This is for extensions that provide fine-grained control over browser features, often for privacy, security, or productivity purposes.

Examples:

• A "NoScript" style extension that blocks JavaScript by default and allows users to whitelist specific sites.
• A privacy tool that blocks third-party cookies on all websites.
• A parental control extension that blocks images on certain domains.
• A "focus mode" extension that disables notifications from all sites except a few whitelisted ones.

This permission triggers a warning on installation.

{
  "name": "My Content Settings Manager",
  "version": "1.0",
  "manifest_version": 3,
  "permissions": [
    "contentSettings"
  ]
}

Why is it risky?

This permission gives an extension control over fundamental browser settings for every website. It can decide whether sites are allowed to use features like:

• JavaScript (which makes sites interactive)
• Cookies (which store login info)
• Pop-ups, camera, microphone, and location access

A malicious extension could use this to disable a website's security features, or to allow a dangerous website to access your camera or location without you knowing. This gives the extension a huge amount of control over your browsing experience and security.

This example blocks JavaScript from running on annoying-site.com.

// background.js

chrome.runtime.onInstalled.addListener(() => {
  const pattern = 'https://*.annoying-site.com/*';

  chrome.contentSettings['javascript'].set({
    primaryPattern: pattern,
    setting: 'block'
  }, () => {
    if (chrome.runtime.lastError) {
      console.error('Failed to set content setting:', chrome.runtime.lastError.message);
    } else {
      console.log('JavaScript has been blocked for annoying-site.com.');
    }
  });
});