You are viewing extension docs in chrome via the 'file:' scheme: are you expecting to see local changes when you refresh? You'll need run chrome with --allow-file-access-from-files.
( optional enumerated Type array of paramType )
Description of this parameter from the json schema.
This parameter was added in version . You must omit this parameter in earlier versions, and you may omit it in any version. If you require this parameter, the manifest key minimum_chrome_version can ensure that your extension won't be run in an earlier browser version.
  1. Properties
    1. propertyName
  2. Methods
    1. methodName
  3. Events
    1. eventName
  4. Types
    1. id

Google Chrome Extensions (Labs)

Formats: Manifest Files

Formats: Manifest Files

Every extension, installable web app, and theme has a JSON-formatted manifest file, named manifest.json, that provides important information.

Field summary

The following code shows the supported manifest fields, with links to the page that discusses each field. The only fields that are always required are name and version.

  // Required
  "name": "My Extension",
  "version": "versionString",
  "manifest_version": 2,

  // Recommended
  "description": "A plain text description",
  "icons": { ... },
  "default_locale": "en",

  // Pick one (or none)
  "browser_action": {...},
  "page_action": {...},
  "theme": {...},
  "app": {...},

  // Add any of these that you need
  "background_page": "aFile.html",
  "chrome_url_overrides": {...},
  "content_scripts": [...],
  "content_security_policy": "policyString",
  "file_browser_handlers": [...],
  "homepage_url": "http://path/to/homepage",
  "incognito": "spanning" or "split",
  "key": "publicKey",
  "minimum_chrome_version": "versionString",
  "nacl_modules": [...],
  "offline_enabled": true,
  "omnibox": { "keyword": "aString" },
  "options_page": "aFile.html",
  "permissions": [...],
  "plugins": [...],
  "update_url": "http://path/to/updateInfo.xml"

Field details

This section covers fields that aren't described in another page. For a complete list of fields, with links to where they're described in detail, see the Field summary.


Used by installable web apps, including packaged apps, to specify the URLs that the app uses. Most important is the launch page for the app—the page that the browser goes to when the user clicks the app's icon in the New Tab page.

For details, see the documentation for hosted apps and packaged apps.


Specifies the subdirectory of _locales that contains the default strings for this extension. This field is required in extensions that have a _locales directory; it must be absent in extensions that have no _locales directory. For details, see Internationalization.


A plain text string (no HTML or other formatting; no more than 132 characters) that describes the extension. The description should be suitable for both the browser's extension management UI and the Chrome Web Store. You can specify locale-specific strings for this field; see Internationalization for details.


A security policy to apply to resources in your extension. You can use this policy to help prevent cross-site scripting vulnerabilities in your extension. By default, the extension system enforces the following policy:

script-src 'self'; object-src 'self'

Extensions can tighten their policy using the content_security_policy manifest attribute. For example, to specify that your extension loads resources only from its own package, use the following policy:

"content_security_policy": "default-src 'self' " 

If you need to load resources from websites, you can add them to the whitelist. For example, if your extension uses Google Analytics, you might use the following policy:

"content_security_policy": "default-src 'self'"

The extension system will prevent you including insecure resources for script-src or object-src. If you are using eval to parse JSON, please consider using JSON.parse instead.

For details, see the Content Security Policy specification.


The URL of the homepage for this extension. The extensions management page (chrome://extensions) will contain a link to this URL. This field is particularly useful if you host the extension on your own site. If you distribute your extension using the Chrome Web Store, the homepage URL defaults to the extension's own page.


One or more icons that represent the extension, app, or theme. You should always provide a 128x128 icon; it's used during installation and by the Chrome Web Store. Extensions should also provide a 48x48 icon, which is used in the extensions management page (chrome://extensions). You can also specify a 16x16 icon to be used as the favicon for an extension's pages. The 16x16 icon is also displayed in the experimental extension infobar feature.

Icons should generally be in PNG format, because PNG has the best support for transparency. They can, however, be in any format supported by WebKit, including BMP, GIF, ICO, and JPEG. Here's an example of specifying the icons:

"icons": { "16": "icon16.png",
           "48": "icon48.png",
          "128": "icon128.png" },

Important: Use only the documented icon sizes.

You might notice that Chrome sometimes resizes these icons down to smaller sizes. For example, the install dialog might shrink the 128-pixel icon down to 69 pixels.

However, the details of Chrome's UI may change between versions, and these changes assume that developers are using the documented sizes. If you use other sizes, your icon may look bad in future versions of the browser.

If you upload your extension, app, or theme using the Chrome Developer Dashboard, you'll need to upload additional images, including at least one screenshot of your extension. For more information, see the Chrome Web Store developer documentation.


Either "spanning" or "split", to specify how this extension will behave if allowed to run in incognito mode.

The default for extensions is "spanning", which means that the extension will run in a single shared process. Any events or messages from an incognito tab will be sent to the shared process, with an incognito flag indicating where it came from. Because incognito tabs cannot use this shared process, an extension using the "spanning" incognito mode will not be able to load pages from its extension package into the main frame of an incognito tab.

The default for installable web apps is "split", which means that all app pages in an incognito window will run in their own incognito process. If the app or extension contains a background page, that will also run in the incognito process. This incognito process runs along side the regular process, but has a separate memory-only cookie store. Each process sees events and messages only from its own context (for example, the incognito process will see only incognito tab updates). The processes are unable to communicate with each other.

As a rule of thumb, if your extension or app needs to load a tab in an incognito browser, use split incognito behavior. If your extension or app needs to be logged into a remote server or persist settings locally, use spanning incognito behavior.


This value can be used to control the unique ID of an extension, app, or theme when it is loaded during development.

Note: You don't usually need to use this value. Instead, write your code so that the key value doesn't matter by using relative paths and chrome.extension.getURL().

To get a suitable key value, first install your extension from a .crx file (you may need to upload your extension or package it manually). Then, in your user data directory, look in the file Default/Extensions/<extensionId>/<versionString>/manifest.json. You will see the key value filled in there.


The version of Chrome that your extension, app, or theme requires, if any. The format for this string is the same as for the version field.


A short, plain text string (no more than 45 characters) that identifies the extension. The name is used in the install dialog, extension management UI, and the store. You can specify locale-specific strings for this field; see Internationalization for details.


One or more mappings from MIME types to the Native Client module that handles each type. For example, the bold code in the following snippet registers a Native Client module as the content handler for the OpenOffice spreadsheet MIME type.

  "name": "Native Client OpenOffice Spreadsheet Viewer",
  "version": "0.1",
  "description": "Open OpenOffice spreadsheets, right in your browser.",
  "nacl_modules": [{
    "path": "OpenOfficeViewer.nmf",
    "mime_type": "application/vnd.oasis.opendocument.spreadsheet"

The value of "path" is the location of a Native Client manifest (a .nmf file) within the extension directory. For more information on Native Client and .nmf files, see the Native Client Technical Overview.

Each MIME type can be associated with only one .nmf file, but a single .nmf file might handle multiple MIME types. The following example shows an extension with two .nmf files that handle three MIME types.

  "name": "Spreadsheet Viewer",
  "version": "0.1",
  "description": "Open OpenOffice and Excel spreadsheets, right in your browser.",
  "nacl_modules": [{
    "path": "OpenOfficeViewer.nmf",
    "mime_type": "application/vnd.oasis.opendocument.spreadsheet"
    "path": "OpenOfficeViewer.nmf",
    "mime_type": "application/vnd.oasis.opendocument.spreadsheet-template"
    "path": "ExcelViewer.nmf",
    "mime_type": "application/excel"

Note: You can use Native Client modules in extensions without specifying "nacl_modules". Use "nacl_modules" only if you want the browser to use your Native Client module to display a particular type of content.


Whether the app or extension is expected to work offline. When Chrome detects that it is offline, apps with this field set to true will be highlighted on the New Tab page.


An array of permissions that the extension or app might use. Each permission can be either one of a list of known strings (such as "geolocation") or a match pattern that gives access to one or more hosts. Permissions can help to limit damage if your extension or app is attacked. Some permissions are also displayed to users before installation, as detailed in Permission Warnings.

If an extension API requires you to declare a permission in the manifest, then its documentation tells you how to do so. For example, the Tabs page shows you how to declare the "tabs" permission.

Note: As of Chrome 16, some permissions can be optional. For details, see Optional Permissions.

Here's an example of the permissions part of a manifest file for an extension:

"permissions": [

The following table lists the permissions an extension or packaged app can use.

Note: Hosted apps can use the "background", "clipboardRead", "clipboardWrite", "geolocation", "notifications", and "unlimitedStorage" permissions, but not any other permissions listed in this table.

Permission Description
match pattern Specifies a host permission. Required if the extension wants to interact with the code running on pages. Many extension capabilities, such as cross-origin XMLHttpRequests, programmatically injected content scripts, and the cookies API require host permissions. For details on the syntax, see Match Patterns.

Makes Chrome start up early and and shut down late, so that apps and extensions can have a longer life.

When any installed hosted app, packaged app, or extension has "background" permission, Chrome runs (invisibly) as soon as the user logs into their computer—before the user launches Chrome. The "background" permission also makes Chrome continue running (even after its last window is closed) until the user explicitly quits Chrome.

Note: Disabled apps and extensions are treated as if they aren't installed.

You typically use the "background" permission with a background page or (for hosted apps) a background window.

"bookmarks" Required if the extension uses the chrome.bookmarks module.
"chrome://favicon/" Required if the extension uses the "chrome://favicon/url" mechanism to display the favicon of a page. For example, to display the favicon of, you declare the "chrome://favicon/" permission and use HTML code like this:
<img src="chrome://favicon/">
"clipboardRead" Required if the extension uses document.execCommand('paste').
"clipboardWrite" Indicates the app or extension uses document.execCommand('copy') or document.execCommand('cut'). This permission is required for hosted apps; it's recommended for extensions and packaged apps.
"contentSettings" Required if the extension uses the chrome.contentSettings module.
"contextMenus" Required if the extension uses the chrome.contextMenus module.
"cookies" Required if the extension uses the chrome.cookies module.
"experimental" Required if the extension uses any chrome.experimental.* APIs.
"fileBrowserHandler" Required if the extension uses the fileBrowserhandler module.
"geolocation" Allows the extension to use the proposed HTML5 geolocation API without prompting the user for permission.
"history" Required if the extension uses the chrome.history module.
"idle" Required if the extension uses the chrome.idle module.
"management" Required if the extension uses the module.
"notifications" Allows the extension to use the proposed HTML5 notification API without calling permission methods (such as checkPermission()). For more information see Desktop Notifications.
"proxy" Required if the extension uses the chrome.proxy module.
"tabs" Required if the extension uses the chrome.tabs or module.
"tts" Required if the extension uses the chrome.tts module.
"ttsEngine" Required if the extension uses the chrome.ttsEngine module.
"unlimitedStorage" Provides an unlimited quota for storing HTML5 client-side data, such as databases and local storage files. Without this permission, the extension is limited to 5 MB of local storage.

Note: This permission applies only to Web SQL Database and application cache (see issue 58985). Also, it doesn't currently work with wildcard subdomains such as http://*

"webNavigation" Required if the extension uses the chrome.webNavigation module.
"webRequest" Required if the extension uses the chrome.webRequest module.
"webRequestBlocking" Required if the extension uses the chrome.webRequest module in a blocking fashion.


One to four dot-separated integers identifying the version of this extension. A couple of rules apply to the integers: they must be between 0 and 65535, inclusive, and non-zero integers can't start with 0. For example, 99999 and 032 are both invalid.

Here are some examples of valid versions:

  • "version": "1"
  • "version": "1.0"
  • "version": "2.10.2"
  • "version": ""

The autoupdate system compares versions to determine whether an installed extension needs to be updated. If the published extension has a newer version string than the installed extension, then the extension is automatically updated.

The comparison starts with the leftmost integers. If those integers are equal, the integers to the right are compared, and so on. For example, 1.2.0 is a newer version than

A missing integer is equal to zero. For example, is newer than 1.1.

For more information, see Autoupdating.


The version of the manifest format that this extension uses. Currently, extensions should use the value 2 (without quotes):

"manifest_version": 2

Future breaking changes to the extension system may require a new version number.