cookies

This permission is needed for extensions that need to manage authentication sessions, track user data across sites (with user consent), or provide advanced cookie management tools.

Examples:

• A cookie editor extension for developers.
• An extension that logs a user into a service by setting an authentication cookie.
• A "share session" extension that can copy cookies from one browser profile to another.
• An extension that clears specific site cookies to quickly log out.

The cookies permission is very powerful and requires a corresponding host permission. You must specify which domains' cookies the extension can access.

{
  "name": "My Cookies Extension",
  "version": "1.0",
  "manifest_version": 3,
  "permissions": [
    "cookies"
  ],
  "host_permissions": [
    "https://*.example.com/*"
  ]
}

Why is it risky?

Cookies are small pieces of data websites use to keep you logged in and remember your preferences. This permission is extremely sensitive because it allows an extension to read, change, and create cookies for the websites you visit.

A malicious extension could use this access to:

• Hijack your accounts: By stealing the cookie that keeps you logged into your email or social media, the extension could potentially gain access to your accounts.
• Track you across the web: It could read cookies from various sites to build a profile of your browsing habits.

Be extremely cautious with extensions that request access to cookies, especially for all websites.

This example gets a specific cookie from "example.com".

// background.js

function getAuthCookie() {
  chrome.cookies.get({
    url: 'https://www.example.com',
    name: 'user_auth_token'
  }, (cookie) => {
    if (cookie) {
      console.log('Authentication Token:', cookie.value);
    } else {
      console.log('Could not find the specified cookie.');
    }
  });
}

// You could call this function from an action popup or background script.
getAuthCookie();