Start visible
Read the Chrome permission prompt before installing.
Use this checklist to review AI browser extension permissions, page-context access, privacy policies, and support signals before installing a tool.
Read the Chrome permission prompt before installing.
Check whether the extension is user-triggered or always active.
Open the privacy policy and look for selected text, URL, page context, retention, and AI provider details.
Test the extension in a separate Chrome profile before using it on sensitive work.
Remove the extension if the permissions, policy, or support path are unclear.
Permission names alone do not prove an extension is safe or unsafe. The risk depends on scope, trigger behavior, data sent to servers, and whether the feature clearly needs that access.
| Permission | Risk level | What it can mean | Question to ask |
|---|---|---|---|
| activeTab | Lower | The extension can act on the current tab after a user gesture. | Does it only run after a click, shortcut, or selection? |
| scripting | Medium | The extension can inject scripts into pages it is allowed to access. | Is script injection limited to the page where you ask a question? |
| storage | Lower | The extension can save settings, prompts, usage state, or local preferences. | Does the privacy policy explain what is stored locally and remotely? |
| tabs | Medium | The extension can read tab metadata such as URLs and titles. | Does the product need URL/title context to answer page-specific questions? |
| host permissions | Higher | Broad host access can allow an extension to run on many websites. | Can access be limited, user-triggered, or clearly justified? |
| clipboardRead / clipboardWrite | Medium | Clipboard access can make copying easier but should have a clear user action. | Does clipboard use happen only when you explicitly copy or paste? |
| webRequest | Higher | Network request access can expose sensitive browsing activity. | Is there a strong feature reason, and is the data handling documented? |
Before installing an AI Chrome extension, check whether it is user-triggered, whether it asks for broad host access, what page context it sends, which AI providers process prompts, how long usage records are retained, and whether a real support or privacy contact exists.
Vezz me starts with selected text and page context, so you can ask from the source without turning browsing into another workspace.