Menu
Would it be safe if I uploaded the .crx and .pem files for an open-source chrome application? What could someone do if they had both of the files? I assume the files aren't needed anyway if you have the unpacked extension (as I understand it, the .crx file is the extension itself), so would uploading the files to GitHub give someone the opportunity to do someone malicious (should I gitignore the files), or would it be a safe way to back up these files?
957
asked Nov 06 '25 16:11
The pem file for Google Chrome extensions are private keys and should not be distributed. The only way you would have gotten a pem file is by packaging up the extension on your own device. While you can do this the usefulness is limited as most users won't be able to install extensions via file instead of through the Chrome Web Store.
The private key is used to guarantee that future updates are from the same source as the original extension install. Anyone who has the private key can package extensions that Chrome users think were developed and deployed by you.
Note: if you have a Chrome extension pem file and have not yet published the extension to the Chrome Web Store, that anyone with the private key can create a listing of the extension and all existing users will automatically update to the CWS version.
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
