Why most extension guides are already wrong

New PC, fresh Chrome install. You search “best Chrome extensions.” You get a list with uBlock Origin at number one. You install it. It doesn’t work. You wonder what you did wrong.

You didn’t do anything wrong. The list is wrong. The full uBlock Origin has not worked on Chrome since July 24, 2025 — when Google disabled all Manifest V2 extensions in Chrome 138, permanently. The developer, Raymond Hill, explicitly refused to build a stripped-down MV3 version because the platform limitations would make it “something entirely different.”

Still seeing uBlock Origin on other lists?

The original uBlock Origin was removed from the Chrome Web Store and disabled in Chrome 138 (July 24, 2025). Any guide recommending it for Chrome without noting this is at least eight months out of date. The correct replacement for Chrome is uBlock Origin Lite — same developer, MV3-compliant, different product.

Of the five major competitor guides audited for this piece — PCWorld (October 2025), Medium (January 2026), Everhour (December 2025), usevoicy.com, builder.io (March 2026) — none correctly flag the July 2025 Chrome 138 shutdown for general readers. That’s the gap this guide fills first.

uBlock Origin Lite crossed 8 million Chrome users by July 2025, meaning the migration already happened in practice. The lists just didn’t follow. The gap between what extension guides recommend and what actually runs in Chrome is now eight months wide — and for the most-recommended extension in the category.


What happened, and when

Google spent two years deprecating Manifest V2 — the extension platform that allowed serious content blocking via real-time request interception. Here’s the actual timeline.

Chrome Manifest V2 Deprecation Timeline
Mid-2024
MV2 phase-out announced. Chrome begins showing “no longer supported” warnings for MV2 extensions in browser settings.
Late 2024
uBlock Origin removed from Chrome Web Store. Developer Raymond Hill declines to build a reduced MV3 version. uBlock Origin Lite (uBOL) published separately as the official MV3 alternative.
Mar 31, 2025
MV2 disabled by default for all Chrome users. Temporary toggle to re-enable still exists. Enterprise delay possible via policy.
Jul 24, 2025
Chrome 138: MV2 disabled everywhere. No re-enable option. The full uBlock Origin, along with all other MV2 extensions, stops working permanently for all users.
Late 2025
MV2 removed even for enterprises. Chrome 139 removes MV2 support entirely, including for organizations with policy overrides.
Apr 2026
MV3 ecosystem stabilized. uBlock Origin Lite surpasses 8M users. AdGuard MV3, Ghostery remain as capable Chrome alternatives. Full uBO still available on Firefox and Brave.

The practical impact: the MV3 architecture replaced the webRequest API — which allowed extensions to dynamically intercept and filter network requests — with declarativeNetRequest, which hands a static rule list to Chrome in advance. The full uBlock Origin used over 300,000 dynamic rules. The new system is capped at a fraction of that, and can’t adapt in real time when ad networks change their delivery methods.

Second-order mechanism

The reason most users didn’t notice the change immediately: MV3 ad blockers still stop common ad domains. The degradation is specific to cosmetic filtering and dynamic anti-circumvention. Sites that rotate ad delivery — YouTube being the obvious example — expose the gap most clearly. The average user experiences “slightly more YouTube ads” rather than “ad blocking is broken,” which is why complaints are scattered rather than overwhelming. The monitoring signal looks like a mild regression, not a system failure.


15 extensions, in install-order priority

Ordered by impact on day one. Security and privacy first — because browsing without them is genuinely risky, not just annoying. Then productivity. Then the tools that are useful for specific use cases.

🔒 Security & Privacy
01
uBlock Origin Lite Free Not full uBO
★ 4.4 · 8M+ users (July 2025) Chrome Web Store →

The official MV3 replacement for uBlock Origin, by the same developer (Raymond Hill). Ad blocking and tracker blocking work at network level — you’ll see empty ad-container placeholders on some pages because cosmetic filtering got weaker under MV3, but the core blocking holds. If you need the full original: switch to Firefox or Brave. For Chrome, this is your best native option.

02
Bitwarden Free / $10 yr
★ 4.7 · 3M+ users Chrome Web Store →

Open-source password manager. Free tier covers everything most people need: unlimited passwords, sync across devices, secure notes. Stop reusing passwords — this is how. Premium adds hardware key (YubiKey) support and encrypted file storage for $10 a year. If you already use 1Password or Dashlane, skip this; running two password managers simultaneously creates autofill conflicts and doubles your attack surface.

03
ClearURLs Free
★ 4.7 · 700K+ users Chrome Web Store →

Silently strips tracking parameters from every URL before you visit it or share it. Those ?utm_source=newsletter&utm_medium=email&utm_campaign= strings that trail off for 200 characters? Gone. Zero configuration. You install it and forget about it, which is exactly how a good privacy tool should work.

◯ Productivity & Focus
04
Grammarly Free / $12+/mo Privacy note
★ 4.5 · 10M+ users Chrome Web Store →

Inline spell-check and grammar correction in every browser text field: Gmail, Google Docs, Slack, forms, anything. Free tier handles the basics. The caveat worth taking seriously: it reads everything you type in browser text fields — that’s how it works, it’s disclosed in their privacy policy, and you should not use it for confidential legal or medical documents. A 2026 Incogni study of 442 AI-powered extensions ranked Grammarly among the most privacy-intensive popular tools based on permissions and data collection scope. That’s the actual tradeoff.

05
OneTab Free
★ 4.6 · 2M+ users Chrome Web Store →

Click the button: all open tabs collapse into a single scrollable list. Memory drops. You can restore individual tabs or the whole set at once. Not a replacement for actual workflow organization — but a good emergency valve when you find yourself drowning in 40 open tabs with no idea where anything is.

06
Session Buddy Free
★ 4.6 · 500K+ users Chrome Web Store →

Saves named tab sessions that you can switch between. The distinction from OneTab matters: OneTab collapses tabs into a list. Session Buddy saves named workspaces. If you work across two or three projects simultaneously — client A staging environment, client B Jira board, your own project — you can save each set and restore it in one click. Genuinely underused for how useful it is.

07
Momentum Free / $3.33/mo
★ 4.6 · 3M+ users Chrome Web Store →

Replaces your new tab page with a minimalist dashboard: full-screen photo, clock, daily focus prompt, to-do list, weather. Your new tab stops being a news feed screaming at you. That shift is worth more than it sounds when you open tabs forty times a day.

⚒ Utility & Knowledge Tools
08
Dark Reader Free / Donate
★ 4.7 · 5M+ users Chrome Web Store →

Forces dark mode on every website, including ones that never implemented it natively. Configurable brightness, contrast, sepia tone. Some sites look a bit off — light-colored images on dark backgrounds, occasional color inversion weirdness — and you can whitelist specific domains where it causes problems. At 2 a.m. reading documentation, this extension matters.

09
Google Translate Free
★ 4.2 · 10M+ users Chrome Web Store →

Full-page and inline translation with a click. Chrome has some translation built in natively now, but this extension gives you more granular control over when it triggers and how it presents. Indispensable for international supplier sites, foreign documentation, global news. Not glamorous. Just works.

10
Pocket Free / $4.99/mo
★ 4.1 · 2M+ users Chrome Web Store →

One-click saves any article for later in a clean, stripped-down reading view, synced across devices. The “I’ll read this later” tool that actually works because it removes all friction between finding something and saving it. Competitor: Instapaper, essentially identical. Pick one, not both.

11
Wappalyzer Free / Paid tiers
★ 4.4 · 1M+ users Chrome Web Store →

Shows the full technology stack of any website: CMS, analytics, ad platforms, CDN, frameworks, databases. One toolbar click. Useful if you work in marketing, sales, web development, or are genuinely curious how something was built. Niche enough to leave off if it doesn’t apply to you — but indispensable for the right person.

12
Loom Free / $15/mo
★ 4.6 · 4M+ users Chrome Web Store →

Screen recording with an instant shareable link. Record, stop, get a URL. No file to upload, no email attachment, no “let me share my screen.” Widely used for bug reports, async feedback, and onboarding walkthroughs. The free tier caps recordings at 25 videos. Skip this if you don’t record screens regularly. If you do, it’s the fastest tool in the category.

13
Honey Free Data tradeoff
★ 4.5 · 10M+ users · PayPal-owned Chrome Web Store →

Automatically applies coupon codes at checkout across most major retailers. The product works. The tradeoff: PayPal (which acquired Honey in 2020) monetizes your shopping behavior data — this is disclosed, it’s their business model. If that’s acceptable to you, it saves real money. If it’s not, Capital One Shopping is a comparable alternative with a different data model. Do not run both simultaneously.

14
Click & Clean Free
★ 4.9 · 200K+ users Chrome Web Store →

One-click wipe of browsing history, cache, cookies, and download history. More granular configuration than Chrome’s native clear-data dialog — you can specify exactly what gets cleared and add it as a button. Useful on shared machines and useful when Chrome starts slowing down from accumulated cache.

🧠 AI Assistants (verify permissions before installing)
15
Monica Free / $8.3/mo Pro Google 2025 Pick
★ 4.6 · 4M+ users Chrome Web Store →

AI assistant sidebar available on any webpage: summarize content, translate, rewrite text, ask questions about what you’re reading. Google named it a 2025 Editor’s Pick alongside Sider as the dominant “AI copilot” extension category. The necessary caveat: any extension that reads page content has broad data access by design — that’s architecturally required for the summarization feature. Check permissions on install. If your work involves confidential documents in Chrome, disable this extension on those domains or use a dedicated profile. Free tier: 30 AI queries per day.

All ratings and user counts from Chrome Web Store, April 2026. Treat as directional — no independent audit conducted.


Ad-blocker options for Chrome in 2026

Because this question comes up constantly and the answer is genuinely confusing right now. The full table:

Option Works on Chrome? Blocking quality Cost ⚠ Limitation / caveat
uBlock Origin (full)
Original MV2 version
No — removed July 2025 Was: excellent. 300K+ dynamic rules. Free LimitationChrome 138 (July 24, 2025) disabled MV2 entirely. Cannot be re-enabled. Use Firefox or Brave for the full version.
uBlock Origin Lite
Official MV3 replacement
Yes Good: network-level blocking holds. Cosmetic filtering weaker. Free LimitationPoPETs 2026 found no stat-sig drop in network blocking, but visible cosmetic gaps (empty ad containers) remain. 8M users as of July 2025.
AdGuard
MV3 version, late 2024
Yes Good. Only MV3 extension supporting custom filter rules. Free LimitationOnly blocks ads on install. Tracker, annoyance, and security filters require manual enable in settings. Easy to miss if you don’t configure it.
Ghostery
MV3 compliant
Yes Good. Also blocks cookie consent popups. Free LimitationBusiness model involves anonymized analytics data — disclosed. Effective on YouTube per their documentation. Check their privacy policy before installing.
Brave browser
Built-in Shields
N/A — different browser Excellent. Native engine, full uBO also available. Free LimitationRequires switching from Chrome. Full uBlock Origin works natively on Brave. Strongest blocking option if you’re willing to change browsers.
Sources: ublockorigin.com (2026), digitbin.com (Apr 2026), standsapp.org (Nov 2025), ghostery.com. PoPETs 2026 study cited via standsapp.org — full methodology not independently confirmed; treat as directional.

Extension security risks you actually need to know

Most extension guides treat security as a footnote. It shouldn’t be. Here are the numbers.

346M Users installed risky extensions over 3 years (Stanford University study)
60% Chrome extensions haven’t received a developer update in over 12 months
287 Extensions found leaking user data in a February 2026 investigation by The Register
42% Extensions with known vulnerabilities remained exploitable 2+ years after disclosure

A Stanford University study evaluated extension safety in the Chrome Web Store and found thousands of “security-noteworthy extensions” — including malware, privacy violations, and known vulnerabilities — that remained available for years, accumulating millions of installs. User ratings, the study found, were unreliable safety indicators; dangerous extensions frequently maintained high ratings.

📌
The supply-chain attack pattern

The most dangerous attack vector isn’t sketchy unknown tools. It’s trusted extensions that get hijacked after install. A developer’s account gets phished, a malicious update ships automatically, and your “trusted” extension starts stealing session cookies. This happened to Cyberhaven, VPNCity, and Parrot Talks among dozens of extensions in 2024–2025. The compromised extensions impacted approximately 2.3–2.6 million users total.

In January 2026, Google patched a high-severity vulnerability tracked as CVE-2026-0628 (CVSS 8.8) — a flaw in Chrome’s WebView component that allowed malicious extensions with basic permissions to escalate privileges into the Gemini Live panel, potentially accessing the user’s camera, microphone, screenshots, and local files. The discovery came from Palo Alto Networks Unit 42 researcher Gal Weizman. Make sure Chrome is updated.

“The December 2024–2025 extension compromise campaigns hit millions of users through legitimate extensions that got hijacked after install. The threat isn’t sketchy unknown tools. It’s the trusted ones you’ve stopped thinking about.”

Editorial synthesis — sources: Barracuda Networks Blog (Feb 2026), deepstrike.io (Oct 2025), seraphicsecurity.com (Dec 2025)

Practical rules that actually help:

  • Keep total extensions under 15–20. Each one is an ongoing attack surface. 60% of extensions never get updated — meaning vulnerabilities accumulate.
  • Use separate Chrome profiles. Banking, sensitive work documents, and confidential communications in a clean profile with few or no extensions. General browsing in your main profile.
  • Check chrome://extensions periodically. Remove anything you haven’t used in 30 days. Chrome’s Safety Check now flags unused and outdated extensions automatically.
  • Review permissions before installing, especially for extensions requesting “Read and change all your data on all websites.” That’s the broadest permission class. Many legitimate extensions need it; so does malware.

What not to install — named specifically

HTTPS Everywhere — Retired. Don’t install it.

The Electronic Frontier Foundation retired HTTPS Everywhere in January 2023 because Chrome now handles HTTPS-first mode natively. Installing it today adds nothing and gives you an unmaintained codebase. Go to chrome://settings/security → “Always use secure connections.” Same protection, no extension needed.

Two password managers simultaneously — Don’t do it.

Running Bitwarden and 1Password (or any other combination) in parallel causes autofill conflicts, doubled page-read permissions, and creates a security gap where both extensions are competing to read form fields. Pick one. Remove the other completely, including from chrome://extensions.

Installing the first “ad blocker” that appears in a Chrome Web Store search

The top results for generic searches like “ad blocker” include several extensions with opaque data practices, and the Chrome Web Store has documented impersonation problems for popular extensions. Search for the exact names listed in this guide and verify the developer name matches before clicking “Add to Chrome.”

Using Grammarly (or any AI extension) with confidential documents

Grammarly and Quillbot ranked as the most privacy-intensive popular extensions in Incogni’s 2026 analysis of 442 AI extensions, based on permissions and data collection scope. The “scripting” permission alone was required by 42% of AI extensions and potentially affects 92 million users. For legal, medical, HR, or financial documents, disable AI extensions or use a clean browser profile.


Two install paths, depending on who you are

👤 For: General Users — New to Chrome extensions, everyday browsing

Start with four. Only four.

Install these in order: uBlock Origin Lite, Bitwarden, ClearURLs, Dark Reader. That covers ads, passwords, tracking, and eye strain. You don’t need anything else on day one. Add from the list above only when you have a specific problem that needs solving.

Do Migrate passwords from Chrome’s built-in manager to Bitwarden: go to chrome://password-manager/settings, export as CSV, import into Bitwarden. Takes about 15 minutes. Worth it.
Do Search for the exact extension names listed here. Verify the developer name on the Chrome Web Store page before clicking “Add to Chrome.” Impersonation is a documented problem for popular extensions.
Don’t Install the original uBlock Origin for Chrome. It does not work. Chrome disabled MV2 extensions on July 24, 2025. You want uBlock Origin Lite — different name, same developer.
Note Keep total extensions under 15. The more you install, the larger your attack surface. If you haven’t used an extension in 30 days, remove it.
💼 For: Professionals & Knowledge Workers — Multiple projects, work browser

Layer two: session management and async workflows

You likely already know you need a password manager and ad blocker. The tools with the highest return for professionals are the ones nobody talks about: Session Buddy for named project workspaces, and Loom for async video communication. These two alone eliminate a meaningful amount of context-switching overhead across projects and replace a category of “let me schedule a call to explain this” situations.

The session management point is worth dwelling on: Session Buddy and OneTab do different things. OneTab is an emergency valve when you’re drowning in tabs. Session Buddy is a workspace manager — save “Client A,” switch to “Client B,” come back to “Client A” with exactly the right twelve tabs restored. These are complementary, not redundant.

Do Create a separate Chrome profile for sensitive work (financial documents, legal contracts, HR data). Keep it to two extensions maximum: a password manager and nothing else. AI sidebar extensions read page content by design — that’s the feature, and also the risk.
Do Check your company’s IT policy before installing any AI extension. Monica, Grammarly, and similar tools require broad page-read permissions. Some enterprise environments flag or block these on install; finding out mid-meeting is worse than finding out now.
Don’t Run Grammarly in text fields containing confidential information. Incogni’s 2026 study of 442 AI extensions ranked it among the most data-intensive popular tools. The extension reads everything you type in browser fields — that’s disclosed in their privacy policy, but it’s worth taking seriously for professional contexts.
Note The December 2024–2025 extension compromise campaigns specifically targeted enterprises via supply-chain attacks on trusted tools. If you work with corporate SSO or sensitive data in Chrome, treat any extension that “reads and changes data on all websites” as requiring justification before installing.

The one thing this list can’t tell you

Whether it’s still accurate in six months. The MV3 situation is still developing — Google may or may not expand the declarativeNetRequest rule limits, ad networks will continue evolving their delivery methods, and the ad-blocker ecosystem will keep adapting. This page will be updated when something material changes.

What doesn’t change: fewer extensions, verified sources, reviewed permissions, removed when unused. The supply-chain attack pattern that hit millions of users in 2024–2025 worked through extensions people had installed and forgotten about. That’s the actual threat model for regular users — not spyware disguised as a game, but trusted tools that go bad after an update.

🔗
Looking for more browser and productivity guides?

Visit codetalenthub.io for guides on developer tools, productivity software, and browser setup for technical and non-technical users alike.

Sources & References
  • [1]uBlock Origin official site — MV3 status and platform compatibility (2026)
  • [2]digitbin.com — “uBlock Origin Not Working on Chrome in 2026? Here’s Why” (April 2026)
  • [3]standsapp.org — MV3 transition timeline and PoPETs 2026 study reference (November 2025)
  • [4]getblockify.com — Manifest V3 architecture changes explained (2026)
  • [5]ghostery.com — MV3-compliant alternatives to uBlock Origin
  • [6]incogni.com — “Ranking AI-Powered Chrome Extensions by Privacy Risk in 2026” — 442-extension study, January 5–7, 2026
  • [7]The Hacker News — CVE-2026-0628, Chrome Gemini panel privilege escalation (March 2026)
  • [8]NVD NIST — CVE-2026-0628 details, CVSS 8.8
  • [9]Barracuda Networks Blog — Supply-chain attacks on browser extensions (February 2026)
  • [10]Seraphic Security — Stanford University study on Chrome extension security; 346M users (December 2025)
  • [11]aboutchromebooks.com — Chrome extension statistics 2026, 287-extension Register investigation, 60% without updates
  • [12]deepstrike.io — Supply-chain attack patterns, 2025 campaign analysis (October 2025)
  • [13]PCWorld — Jon Martindale, essential Chrome extensions (October 2025)
  • [14]PCWorld — Google’s 2025 Editor’s Picks including Monica and Sider (December 2025)