Skip to content

Extension whitelisting process

Pranjal Jumde edited this page Jan 9, 2020 · 9 revisions

Extensions are a source of risk for people who use web browsers. Despite being hosted on credible sites operated by browser vendors, extensions are not vetted or endorsed by the people who make browsers — with sparingly few exceptions. Extensions are made for malicious purposes or subverted or compromised to do mischief.

To minimize exposure to these risks, it's safest to use the smallest practical set of extensions, and then only from trustworthy and competent developers. To ensure that people are aware of this risk, Brave displays a warning when you try to install an extension:

Brave's developers have reviewed a [short public list of extensions which we believe are safe to use: https://github.com/brave/extension-whitelist/blob/master/data/whitelist.json.

To add an extension to this list, please follow the following process:

  1. Create an issue detailing the extension to be added. Make sure to note factors & evidence supporting credibility and integrity of the developers & maintainers.
  2. The security team will review the issue, and may request additional information.
  3. If approved, extension whitelist will updated.
Clone this wiki locally