5 Popular Google Chrome Extensions You Might Want To Avoid
Out of the box, Chrome is a functional, albeit boring, browser. The real fun starts when you try all the cool Chrome extensions. If there's something Chrome can't do — or can't do well — then there's a good chance an extension out there upgrades its capabilities. There are Chrome extensions to boost your productivity, Chrome extensions to block websites, and even Chrome extensions for gamers. With that said, not every Chrome extension is worth installing, and some are downright malicious. It seems like every month, we learn about a dozen new Chrome extensions that inject malware. Yet even some big-name extensions may not be worth installing despite posing no direct harm to your device.
A classic example is Web of Trust, an extension designed to keep you away from problematic websites. In 2016, experts learned that Web of Trust was gathering poorly-anonymized user browsing history and then selling it to third-party buyers, without its users' knowledge. The extension returned after a temporary removal period from both Firefox and Chrome extension stores, yet the damage was done. Few who are aware of the history of Web of Trust are likely to use it. In that spirit, we're looking at five popular Chrome extensions that you may have heard of — or may be using — that your browser might be better off without.
PayPal's Honey
PayPal's Honey browser extension has a strong pitch: finding online coupon codes for you and automatically inputting them at checkout. Except, there may have been some serious issues behind the scenes. We know of this thanks to an in-depth investigation by YouTuber MegaLag. MegaLag alleged that Honey was manipulating YouTuber affiliate cookies so that it would get the cut for an affiliate purchase, rather than the creator who published the affiliate link. So it wasn't just (allegedly) stealing money from affiliate links, it was doing it to YouTubers who promoted Honey. So, Honey may have been paying YouTubers to promote itself, while at the same time reaching into their back pockets to take some of that money back. Yikes.
Honey's users may have been taken advantage of as well. MegaLag discovered that Honey may have been running back-channel deals with seller websites. It would agree to use inferior coupons (or pretend to find no coupons) so that the website made more money from a purchase, and that website possibly kicked back a cut of the spoils to Honey. In summary, Honey was allegedly stealing money from creators and providing little to no value to the end user. Neither is good. In retrospect, a free extension that automatically puts in coupon codes does sound a little too good to be true.
Since that revelation, Honey has lost approximately 5 million users. It seems the cookie manipulation going on in the background was quietly fixed, but the extension is still up and running. Devin Stone, a lawyer hosting the YouTube channel LegalEagle, filed a lawsuit against PayPal. PayPal denied the accusations, but we still advise against using the extension since this entire story may not be over.
Hola VPN
In our article on the best VPN services available in 2025, we stressed avoiding free VPNs as much as possible. The issue with a free VPN is that, since you're not paying for it, it has to make money some other way. Free VPNs typically collect and sell your browsing data. Hola VPN, a popular free VPN, may have had an even bigger problem. Unlike typical VPNs, where your connection is routed through the VPN company's server in a specific location, Hola VPN has a peer-to-peer infrastructure whereby users piggyback on the IP addresses of other users to access content in that location.
So, your computer, whether you're actively using the extension or not, becomes a server of sorts for random people to connect to as a VPN for your location. Since VPNs market themselves as providing users with anonymity, the websites that those strangers visit may be adult sites at best, and far more problematic sites at worst. It's not that far from making your device a Tor network exit node for dark net or deep web websites. Imagine some other Hola VPN user visiting a website that hosts illegal content, or uploading their own illegal content; your ISP (or the government) could think it was you visiting those websites.
Further, Hola VPN uses the dated IKEv2 protocol. IKEv2 isn't uniquely flawed, per se, but it does raise questions about why Hola VPN doesn't upgrade to a more modern VPN protocol like WireGuard. Combined with that problematic peer-to-peer infrastructure, security researchers from the "Adios, Hola" website warned that the extension primes you for a correlation attack. So instead, spend a couple of dollars a month on a paid VPN, or recalibrate your expectations of whether a VPN really keeps you anonymous.
Grammarly
Grammarly is practically Chrome's de facto grammar checker extension, and has been for many years. We recommend uninstalling it. The primary issue has to do with Grammarly's privacy policy. To power its text correction, grammar suggestion, and AI features, it needs to temporarily store that data (your writing) on its server for processing. While it claims to encrypt your data and make it inaccessible to anyone, the question remains whether you should trust it.
The first issue is that privacy policies get violated by their own companies all the time. Since Grammarly is storing your text on its servers rather than processing it locally, there's no knowing whether or not it will comply with leaving it encrypted, not accessing it, or deleting it. Grammarly doesn't use end-to-end encryption (which would prevent anyone but you from accessing it), so you have to take the company's word for it. Second, Grammarly has fallen victim to a pretty heinous vulnerability in the past. In 2018, a security flaw could have potentially let hackers see the personal records of all 22 million users, according to The Register. Some of the worst data breaches in internet history are also some of the most recent, so there's no telling if or when Grammarly could be targeted again.
Third, and most importantly, Grammarly may be training its AI with your information. You have to opt out of its AI model training even if you pay for a Pro account. In a world where big tech companies like Meta pirate authors' books to train AI chatbots, and chatbots can sometimes regurgitate an author's work verbatim, any writer is going to be concerned about Grammarly feeding their work to a model. We recommend using your computer's default spell check or trying the best Grammarly alternatives to help your writing instead.
LastPass
You need to start using a password manager. Not only does it ensure that all of your passwords are practically uncrackable, but it's more convenient, too. However, we'd advise against LastPass and its password-filling extension. LastPass used to be one of the best password managers alongside 1Password, Bitwarden, and Dashlane, until it suffered a troubling data breach in 2022. Hackers managed to steal people's vaults and decrypt some of the stolen data. Vaults, for those unaware, are where people put their passwords and other sensitive information. While this did not grant hackers unfettered access to user master passwords or password data, it exposed users to highly targeted attacks, such as spear phishing and brute force dictionary attacks. If that wasn't bad enough news, it was the second data breach that year.
The blowback from the breach didn't bring its full force to bear in 2022. Over the following years, hackers struck gold, pilfering millions of dollars worth of cryptocurrency belonging to LastPass users. To be fair to LastPass, there is no hard evidence that the crypto theft was a direct consequence of the 2022 data breach, but even if it is completely unrelated, it doesn't inspire confidence.
Whatever the case, LastPass has stiff competition from companies with stronger security track records and great Chrome extensions. Consider using the built-in password manager, Google Password Manager, and you won't have to faff about with extensions. Even Samsung Pass has an extension. 1Password has a reputation for being the most fully featured, but if you want free options, Bitwarden is hard to beat — and it generally has higher ratings than 1Password.
Adblock Plus
Adblock Plus is perhaps the most widely used ad blocker available. We suggest using a different one. Why? One reason: acceptable ads. The basic idea is that an internal committee whitelists certain non-intrusive ads, such as those that interrupt your content. Adblock Plus claims that this is to ensure that websites and creators get revenue, provided they respect you. Here's the problem with that: You're trusting Adblock Plus, a profit-driven company, to be objective about which ads are truly intrusive.
Adblock Plus admits that it's impossible to guarantee that all of the acceptable ads meet its criteria — which makes you wonder what's slipping through — and the company gets paid by larger properties to serve you ads. It would seem that companies paying to have ads whitelisted are prioritized. To be completely fair to Adblock Plus, it does allow you to disable the acceptable ads feature. However, we'd argue it's better to use a different ad blocker that doesn't make these sorts of compromises in the first place.
It's also a bit strange how Adblock Plus was largely unaffected by the transition to Manifest v3, whereas the popular uBlock Origin downgraded to the more limited uBlock Origin Lite extension. The transition to Manifest v3 was a hugely unpopular decision. Many disagreed that it improved security, arguing instead that it helped Google (an ad company) neuter ad blockers to protect its revenue stream. It's curious how willingly Adblock Plus (an ad blocker that openly cooperates with ad companies) ceded to the change.