The average Chrome extension loses 60% of its users within the first week of installation. That number comes from our own analytics across four extensions we have shipped at Harbor Software, and it tracks closely with industry data from Chrome Web Store’s internal retention reports. The extensions that survive past week one share a pattern: they deliver value within 30 seconds of installation, they never interrupt the user’s browsing flow, and they handle permissions like a guest in someone’s house. Here is what we have learned about building browser extensions that users keep installed.
The First 30 Seconds Decide Everything
Most extensions die because they require configuration before delivering any value. The user installs your extension, clicks the icon, and sees a settings page or a login form. That is the moment they decide to uninstall. We tracked this with event analytics on our DevTools Inspector extension and found that 73% of users who saw a settings page as their first interaction never returned after closing it.
The fix is to design your extension so it works with zero configuration. Our code review helper extension demonstrates this pattern. On install, it immediately scans the current tab. If the user is on GitHub, it highlights code smells inline. If they are on Stack Overflow, it annotates answers with compatibility notes. No login, no API key, no settings. The extension does something useful right now.
The psychology behind this is well-documented in product onboarding research. Users give a new tool roughly 30 seconds to prove its value. Every second spent on configuration is a second not spent experiencing the core value proposition. Extensions that front-load configuration are asking users to invest before they have any evidence the investment will pay off. Extensions that front-load value give users a reason to invest in configuration later, when they already understand what the tool does and want to customize it.
// background.js — immediate value on install
chrome.runtime.onInstalled.addListener(async (details) => {
if (details.reason === 'install') {
// Get the current active tab
const [tab] = await chrome.tabs.query({ active: true, currentWindow: true });
if (tab?.url) {
// Inject content script immediately — don't wait for navigation
try {
await chrome.scripting.executeScript({
target: { tabId: tab.id },
files: ['content-script.js']
});
// Send a welcome message that shows inline, not in a popup
await chrome.tabs.sendMessage(tab.id, {
type: 'FIRST_RUN',
payload: { showInlineTooltip: true }
});
} catch (e) {
// Tab might not allow script injection (chrome:// pages, etc.)
// Fail silently — the extension will activate on next navigation
}
}
}
});The key detail is chrome.scripting.executeScript at install time. Most extensions register content scripts in the manifest and wait for the user to navigate to a matching URL. That means the user installs your extension, nothing visible happens, and they forget about it. Injecting immediately into the current tab closes that gap. We tested this approach against the passive manifest registration approach in an A/B experiment. Immediate injection increased day-7 retention by 28% because users actually saw the extension do something.
The inline tooltip mentioned in the code is a small, non-intrusive overlay that appears at the top of the page for 5 seconds: “CodeLens found 3 suggestions on this page.” It does not require any interaction. It simply acknowledges its own existence and demonstrates that it is working. Users who see this tooltip are 2.1x more likely to still have the extension installed after 30 days compared to users who see nothing.
Permissions: Ask for Less, Ask Later
Manifest V3 changed the permissions game significantly. Users now see explicit permission prompts, and Chrome Web Store review flags extensions with broad host permissions. The old pattern of requesting "<all_urls>" in the manifest is a retention killer. Our A/B test across two versions of the same extension showed that requesting activeTab instead of broad host permissions increased install completion rates by 34%.
The strategy is progressive permission escalation. Start with the minimum permissions that let you deliver core value, then request additional permissions only when the user takes an action that requires them. This mirrors the pattern that mobile apps have used successfully for years: do not ask for camera permission at launch, ask when the user taps the camera button.
// manifest.json — minimal initial permissions
{
"manifest_version": 3,
"name": "CodeLens",
"version": "1.0.0",
"permissions": ["activeTab", "storage"],
"optional_permissions": ["tabs", "notifications"],
"optional_host_permissions": [
"https://github.com/*",
"https://gitlab.com/*",
"https://bitbucket.org/*"
]
}
// Requesting permissions only when needed
async function enableGitHubIntegration() {
const granted = await chrome.permissions.request({
origins: ['https://github.com/*']
});
if (granted) {
// Register content scripts for GitHub dynamically
await chrome.scripting.registerContentScripts([{
id: 'github-integration',
matches: ['https://github.com/*'],
js: ['github-content-script.js'],
runAt: 'document_idle'
}]);
return true;
}
return false;
}The optional_host_permissions field in Manifest V3 is the mechanism that makes this work. Permissions requested through chrome.permissions.request() must be triggered by a user gesture (a click), which means you cannot silently escalate permissions in the background. This is a feature, not a limitation. It forces you to explain to the user why you need the permission at the exact moment they are trying to use the feature that requires it.
We present permission requests with context: “To scan code on GitHub, CodeLens needs access to github.com. This lets us analyze code as you browse pull requests.” When the user understands why a permission is needed, the grant rate is 68%. Without context, the grant rate is 31%. The Chrome permission dialog itself is generic and slightly alarming (“Read and change your data on github.com”), so providing a human-readable explanation before the dialog appears is critical.
One additional lesson: never request the notifications permission at install time. In our experience, notification permission requests on install reduce install completion by 22%. Users are conditioned to distrust notification requests because so many extensions abuse them. Request notification permission only after the user has used the extension for at least a week, and only when they enable a feature that genuinely requires notifications (like code review alerts).
State Management Without the Bloat
Browser extensions have a unique state management challenge: state lives across four separate execution contexts (background service worker, content scripts, popup, and options page), and these contexts communicate asynchronously through message passing. Most teams reach for Redux or Zustand out of habit. This is almost always overkill for an extension.
Chrome’s storage.local and storage.session APIs, combined with storage.onChanged listeners, give you a reactive state management system that works across all contexts without any library. The storage API already handles serialization, cross-context synchronization, and persistence. Adding a state management library on top of it adds complexity without adding capability.
// shared/state.js — simple reactive state management
const STATE_KEY = 'app_state';
const defaultState = {
enabled: true,
scanCount: 0,
lastScanUrl: null,
preferences: {
theme: 'auto',
severity: 'warning',
ignoredRules: []
}
};
export async function getState() {
const result = await chrome.storage.local.get(STATE_KEY);
return { ...defaultState, ...result[STATE_KEY] };
}
export async function setState(partial) {
const current = await getState();
const next = { ...current, ...partial };
await chrome.storage.local.set({ [STATE_KEY]: next });
return next;
}
export function onStateChange(callback) {
chrome.storage.onChanged.addListener((changes, area) => {
if (area === 'local' && changes[STATE_KEY]) {
callback(changes[STATE_KEY].newValue, changes[STATE_KEY].oldValue);
}
});
}
// In content script:
onStateChange((newState, oldState) => {
if (newState.enabled !== oldState.enabled) {
toggleOverlays(newState.enabled);
}
});
// In popup:
const state = await getState();
renderUI(state);This pattern handles 90% of extension state management needs in under 50 lines of code. The storage.onChanged listener fires in every context that registers it, so when the popup updates a setting, the content script reacts immediately without any explicit message passing. We have shipped three production extensions using this pattern, and the largest one (our DevTools Inspector) manages 23 state properties without any external state management library.
For the remaining 10% — when you need truly synchronous reads without async overhead — storage.session (Manifest V3 only) stores data in memory and is faster than storage.local, but it does not persist across service worker restarts. Use it for transient state like “is the user currently hovering over an element” and storage.local for persistent state like preferences and scan history.
One pattern we avoid: using chrome.runtime.sendMessage for state synchronization. Message passing is designed for one-time communications, not state synchronization. When you use messages to keep state in sync across contexts, you end up building your own pub/sub system on top of the messaging API — which is exactly what storage.onChanged already provides. We learned this the hard way on our first extension, where we built a custom message-based state sync system that had race conditions when multiple content scripts updated state simultaneously. The storage API handles this correctly because writes are serialized at the browser level.
Content Script Isolation and Performance
Content scripts run in the context of web pages, which means they share the main thread with the page’s JavaScript. A slow content script makes the page feel sluggish, and users will blame the page — then uninstall your extension when they figure out the cause. We have a hard rule: content scripts must complete their initial work in under 50ms.
The technique that makes this possible is lazy initialization with IntersectionObserver. Instead of scanning the entire DOM on page load, we observe elements as they enter the viewport and process them on demand. This is the same pattern that modern web apps use for lazy-loading images, applied to extension functionality.
// content-script.js — lazy DOM processing
class LazyScanner {
constructor() {
this.processed = new WeakSet();
this.observer = new IntersectionObserver(
(entries) => this.handleIntersections(entries),
{ rootMargin: '200px' } // Start processing slightly before visible
);
}
init() {
// Only observe top-level containers, not every element
const containers = document.querySelectorAll(
'pre, code, .highlight, .code-block, [data-language]'
);
containers.forEach(el => this.observer.observe(el));
// Watch for dynamically added elements (SPAs)
this.mutationObserver = new MutationObserver((mutations) => {
for (const mutation of mutations) {
for (const node of mutation.addedNodes) {
if (node.nodeType === Node.ELEMENT_NODE) {
const codeBlocks = node.querySelectorAll?.(
'pre, code, .highlight'
) || [];
codeBlocks.forEach(el => this.observer.observe(el));
}
}
}
});
this.mutationObserver.observe(document.body, {
childList: true, subtree: true
});
}
handleIntersections(entries) {
for (const entry of entries) {
if (entry.isIntersecting && !this.processed.has(entry.target)) {
this.processed.add(entry.target);
// Process asynchronously to avoid blocking
requestIdleCallback(() => this.processElement(entry.target));
}
}
}
processElement(element) {
// Your actual processing logic here
const analysis = analyzeCode(element.textContent);
if (analysis.issues.length > 0) {
this.injectAnnotations(element, analysis.issues);
}
}
}The WeakSet for tracking processed elements is deliberate. It prevents memory leaks when elements are removed from the DOM (the WeakSet releases references to garbage-collected elements), and it prevents double-processing without maintaining a growing list of element IDs. The requestIdleCallback ensures that processing happens during idle periods rather than blocking scroll or input events. If the browser is busy (the user is scrolling rapidly), processing is deferred until the main thread is free.
For SPA-heavy sites like GitHub, the MutationObserver is essential. GitHub uses Turbo (formerly Turbolinks) for navigation, which means full page loads are rare. Without a MutationObserver, your content script would only process the first page the user visits. We learned this the hard way when users reported that our extension “stopped working” after navigating within GitHub — the content script had run on initial page load but was not aware of subsequent Turbo navigations.
Performance budgeting is also important for content scripts. We use the Performance API to measure our content script’s impact and cap it at 16ms of main-thread time per frame (one frame budget at 60fps):
// Performance budgeting for content scripts
const FRAME_BUDGET_MS = 16;
let frameWorkStarted = 0;
function processNextElement() {
if (performance.now() - frameWorkStarted > FRAME_BUDGET_MS) {
// We've used our frame budget — yield and continue next frame
requestAnimationFrame(() => {
frameWorkStarted = performance.now();
processNextElement();
});
return;
}
// Process one element
const element = queue.shift();
if (element) {
processElement(element);
processNextElement(); // Continue if budget allows
}
}Service Worker Lifecycle: The Manifest V3 Trap
Manifest V3 replaced persistent background pages with service workers. Service workers terminate after 30 seconds of inactivity (5 minutes in some cases, but do not rely on this). This fundamentally changes how you design extension architecture. Any in-memory state in your service worker can vanish at any time.
The most common bug we see in Manifest V3 extensions is storing state in module-level variables. This worked perfectly in Manifest V2’s persistent background pages, and every developer migrating from V2 hits this bug:
// BAD — this will be lost when the service worker terminates
let scanResults = {};
let connectionCount = 0;
chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
if (msg.type === 'SCAN_COMPLETE') {
scanResults[sender.tab.id] = msg.data; // Lost on SW termination
connectionCount++; // Reset to 0 on SW termination
}
});
// GOOD — persist to storage, restore on wake
chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
if (msg.type === 'SCAN_COMPLETE') {
// Use chrome.storage.session for ephemeral data
chrome.storage.session.get('scanResults', (data) => {
const results = data.scanResults || {};
results[sender.tab.id] = msg.data;
chrome.storage.session.set({ scanResults: results });
});
// Return true to keep the message channel open for async response
return true;
}
});The pattern we follow is: treat the service worker as stateless. Every piece of data either lives in storage.session (ephemeral, fast) or storage.local (persistent, slightly slower). The service worker reads from storage on wake, does its work, and writes back. This adds a few milliseconds of latency but eliminates an entire category of “it works sometimes” bugs that are nearly impossible to reproduce because they depend on service worker lifecycle timing.
For extensions that need to maintain WebSocket connections or long-running timers, the service worker model is genuinely painful. The workaround is to use chrome.alarms for periodic tasks (minimum interval: 1 minute in production, 30 seconds during development) and offscreen documents for tasks that need a DOM context or persistent execution. Offscreen documents are a Manifest V3 feature that creates a hidden page that persists independently of the service worker. We use them for maintaining WebSocket connections and processing audio/video streams.
One important gotcha: chrome.alarms.create has a minimum interval of 1 minute for published extensions. During development with an unpacked extension, the minimum is 30 seconds. If you set an interval shorter than the minimum, Chrome silently rounds it up to the minimum. Your extension will work differently in development and production, which is a debugging trap we fell into.
Testing Extensions Without Losing Your Mind
Browser extension testing is underserved by the tooling ecosystem. There is no jest equivalent that runs your content scripts in a real browser context with extension APIs available. We have settled on a three-layer testing strategy that covers 95% of our bugs.
Layer 1: Unit tests with vitest. All pure business logic (code analysis, parsing, state transformations) lives in modules that import nothing from chrome.* APIs. These run in vitest with sub-second feedback loops. This accounts for about 60% of our test coverage. The key architectural decision is keeping business logic in pure JavaScript modules that have no dependency on browser APIs. This is good separation of concerns regardless of testing — it makes the code more portable and easier to reason about.
Layer 2: Integration tests with chrome API mocks. We maintain a thin mock layer for chrome.storage, chrome.runtime, and chrome.tabs that implements the same async interface as the real APIs but stores data in memory. This lets us test message passing flows, state management, and permission checks without a real browser.
// test/mocks/chrome-storage.js
const store = new Map();
const listeners = new Set();
export const chromeStorageMock = {
local: {
get: (keys) => {
return new Promise((resolve) => {
const result = {};
const keyList = typeof keys === 'string' ? [keys] : keys;
for (const key of keyList) {
if (store.has(key)) result[key] = structuredClone(store.get(key));
}
resolve(result);
});
},
set: (items) => {
return new Promise((resolve) => {
for (const [key, value] of Object.entries(items)) {
const oldValue = store.get(key);
store.set(key, structuredClone(value));
// Fire onChanged listeners — matches real Chrome behavior
listeners.forEach(fn => fn(
{ [key]: { newValue: value, oldValue } },
'local'
));
}
resolve();
});
},
clear: () => { store.clear(); return Promise.resolve(); }
},
onChanged: { addListener: (fn) => listeners.add(fn) }
};Layer 3: End-to-end tests with Playwright. Playwright supports loading unpacked extensions in Chromium. We run a small suite of E2E tests that install the extension, navigate to test pages, and verify that content script injections appear correctly. These tests are slow (8-12 seconds each) so we run them only in CI, not on every save.
// e2e/extension.spec.ts
import { test, expect, chromium } from '@playwright/test';
import path from 'path';
test('injects annotations on GitHub PR page', async () => {
const extensionPath = path.resolve(__dirname, '../dist');
const context = await chromium.launchPersistentContext('', {
headless: false, // Extensions require headed mode in Chromium
args: [
`--disable-extensions-except=${extensionPath}`,
`--load-extension=${extensionPath}`
]
});
const page = await context.newPage();
await page.goto('https://github.com/test-org/test-repo/pull/1/files');
await page.waitForSelector('.codelens-annotation', { timeout: 5000 });
const annotations = await page.locator('.codelens-annotation').count();
expect(annotations).toBeGreaterThan(0);
await context.close();
});The critical detail is headless: false. Chromium does not support loading extensions in headless mode. You need a display server (real or virtual via Xvfb) in CI. Our GitHub Actions workflow uses xvfb-run on Linux runners for this. The configuration is straightforward but poorly documented — we spent half a day figuring out that you need xvfb-run --auto-servernum -- before the Playwright command.
One additional testing strategy worth mentioning: we maintain a set of “fixture pages” — simple HTML files that contain the patterns our extension processes (code blocks, lists, forms, etc.). These fixture pages live in the test directory and are served by a local HTTP server during E2E tests. This decouples our tests from external websites (which can change their markup at any time) while still testing realistic DOM structures. When a user reports a bug on a specific website, we create a new fixture page that reproduces the bug’s DOM structure and add it to our test suite.
Measuring Retention and Iterating
You cannot improve what you do not measure. The Chrome Web Store gives you install counts and uninstall counts, but nothing about engagement. We instrument our extensions with lightweight anonymous telemetry that tracks three signals: feature activation (did the user use the core feature today), session length (how long was the popup open), and error rate (did the extension throw uncaught exceptions).
The implementation uses a simple event queue that batches events and sends them in a single request every 5 minutes to avoid network overhead:
// telemetry.js — anonymous, batched, respectful
const BATCH_INTERVAL = 5 * 60 * 1000; // 5 minutes
const ENDPOINT = 'https://telemetry.harborsoftware.com/events';
let queue = [];
export function track(event, properties = {}) {
queue.push({
event,
properties,
timestamp: Date.now(),
version: chrome.runtime.getManifest().version
});
}
async function flush() {
if (queue.length === 0) return;
const batch = queue.splice(0);
try {
await fetch(ENDPOINT, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ events: batch })
});
} catch {
// Put events back if send fails — they'll go in the next batch
queue.unshift(...batch);
}
}
// Use chrome.alarms instead of setInterval (service worker compatible)
chrome.alarms.create('telemetry-flush', { periodInMinutes: 5 });
chrome.alarms.onAlarm.addListener((alarm) => {
if (alarm.name === 'telemetry-flush') flush();
});We added an explicit opt-out toggle in the extension settings and a link to our privacy policy that explains exactly what we collect. No user IDs, no browsing history, no page content. Just feature usage counts and error traces. Since adding this telemetry, our retention-driven development cycle has cut churn by 22% across two extensions because we can now see which features users actually engage with and which ones they ignore.
The most actionable insight from our telemetry was discovering that 45% of our users never opened the popup. They installed the extension, saw it work via content script annotations, and never interacted with the popup at all. This told us that the popup was not necessary for the core value proposition — we had been spending 30% of our development time on popup UI features that less than half our users ever saw. We refocused development on content script features and in-page interactions, and our 30-day retention improved by 11%.
The extensions that survive are the ones that respect the user’s attention, work immediately, and never make the browser feel slower. Every architectural decision — from progressive permissions to lazy content script initialization to service worker state management — serves that goal. Build for retention from day one, not as an afterthought.
