View Any Chrome Extension's Source Code
Inspect permissions, scripts, and files before you install. CRXPlorer downloads, extracts, and analyzes any Chrome extension — so you know exactly what it does.
What You Can Inspect
Every file, every permission, every line of code
manifest.json
See every permission the extension requests, its content scripts, background workers, and declared capabilities — the blueprint of what it can do.
Content Scripts
Inspect the JavaScript injected into web pages. See which sites it targets, when it runs, and what it modifies in your browsing experience.
Permissions & Host Access
Understand exactly what data the extension can access — cookies, tabs, browsing history, clipboard, downloads, and more.
Web Accessible Resources
Discover which internal files are exposed to websites. Broadly exposed resources can be used for fingerprinting or data exfiltration.
How It Works
Three steps to inspect any extension
Enter an Extension ID or Chrome Web Store URL
Paste the extension identifier into CRXPlorer's scanner. Works with any Chrome, Edge, or Brave extension.
CRXPlorer Downloads & Extracts the Code
The extension package (CRX file) is downloaded directly from the Chrome Web Store, extracted, and prepared for inspection.
Browse Files & Get a Security Analysis
Explore every file in the extension's source code with syntax highlighting. Plus, get an AI-powered security score analyzing permissions, scripts, and attack surface.
Why You Should Inspect Extension Source Code
Chrome extensions run with elevated privileges inside your browser. A single malicious extension can read every page you visit, steal passwords, hijack sessions, and exfiltrate personal data — all silently in the background.
Supply chain attacks targeting browser extensions have surged. Legitimate extensions get sold to new owners who push malicious updates. Compromised developer accounts inject data-harvesting code. Even popular extensions with millions of users have been caught collecting and selling browsing data.
Viewing the source code before installing is the single most effective way to protect yourself. Check which permissions are requested, inspect what the content scripts actually do, and verify the extension doesn't phone home to suspicious servers.
CRXPlorer makes this easy — paste an extension ID, and you get full source code access plus an AI-powered security analysis that highlights the risks humans might miss.
CRXPlorer vs Other CRX Viewers
Other viewers show code. CRXPlorer tells you if it's safe.
Frequently Asked Questions
What is a CRX file?
A CRX file is the packaged format for Chrome extensions. It contains the extension's source code, manifest, images, and other assets compressed into a single file. CRXPlorer extracts and displays the contents so you can inspect them before installing.
How do I view a Chrome extension's source code?
Go to CRXPlorer's scanner, paste the extension's Chrome Web Store URL or 32-character extension ID, and click Scan. CRXPlorer will download the extension, extract its files, and display the full source code with syntax highlighting in the Code Explorer tab.
Is it safe to install Chrome extensions?
Not all Chrome extensions are safe. Extensions can request broad permissions that allow them to read your browsing data, modify web pages, or access cookies. Always review an extension's permissions and source code before installing. CRXPlorer's AI analysis helps you understand the risks.
What is CRXPlorer's security score?
CRXPlorer uses AI to analyze each extension across five categories: permissions, content scripts, web accessible resources, content security policy, and externally connectable. Each category is scored 0-100, and the weighted average determines the overall risk level: Safe, Low, Medium, High, or Critical.
Can I view Firefox or Edge extension source code?
CRXPlorer currently supports Chrome extensions (CRX format). Since Microsoft Edge extensions also use the Chrome Web Store, most Edge extensions can be analyzed. Firefox extension (XPI) support is planned for the future.