← 글 목록으로

Chrome Web Store Publishing Guide — What You Need and the Steps (First-Release Lessons Included)

chrome-extensionindie-dev

Notes from publishing a Chrome extension to the Chrome Web Store for the first time. So the second release goes smoothly, here is a concrete rundown of what to prepare and what goes into each page of the developer dashboard.

The overall flow

  1. Developer registration ($5, one-time) + account setup (contact email, trader declaration)
  2. Prepare assets (icon, screenshots, promo tile, descriptions, privacy policy page)
  3. Build the extension and zip it
  4. In the dashboard: "New item" → upload the zip
  5. Fill in the three pages: "Store listing," "Privacy practices," "Distribution"
  6. Submit for review (a few days for a first submission)
  7. Post-launch checks (store page, stats)

Preparation checklist

The list first; details in the per-page sections below.

Required (you cannot submit without these)

Item Details
Developer registration $5 one-time. Instant if you have a Google account
Public contact email Published on the store, so a dedicated address is wise. Must be verified
Trader / non-trader declaration If you are not monetizing, "non-trader"
manifest (inside the zip) Name, description (132 chars max), version, icons 16/32/48/128
Store icon 128x128 PNG. The actual artwork must be 96x96 with a 16px transparent margin
Screenshot 1280x800 At least 1 (max 5). 640x400 accepted but 1280x800 recommended
Category and language Selected on the store listing page
Detailed description Store listing text. Be concrete about what it does
Single-purpose statement One or two sentences: "this extension exists to do X"
Justification per permission Every requested permission has a "why is this needed" field
Data collection disclosure What you collect (check "no data collected" if nothing) + limited-use attestation

Not required, but worth having

Item Why
Small promo tile 440x280 Formally optional, but the docs state outright that missing it hurts your ranking. Effectively mandatory
Privacy policy URL Not required if you collect no data, but it builds trust. One page on your own site is enough
Screenshots beyond the first Several, one per feature, communicate better. Separate Japanese and English sets are an option
i18n via _locales Localize name/description with __MSG_*__. The description limit is 132 chars in every language (one over and the upload is rejected)
Homepage URL / support URL Extra listing fields. Good funnels to your own site or hub page

Things that turned out unnecessary

Item Why
Marquee promo tile 1400x560 Only used if you land in the marquee (major promo) slot. Not for a first indie release
YouTube promo video Optional. No effect on review or listing without it
Official URL (verified site) Requires site ownership verification via Search Console. Can be added later
Payment settings Irrelevant for free distribution

What goes into each page

Account (dashboard-wide settings)

  • Registration fee: $5 (one-time). Paying unlocks item registration
  • The contact email is published on your store listing (cannot be hidden). If you don't want your personal address out there, create a separate public-facing one
    • Aliases like myname+support@gmail.com are pointless — the base address is plainly visible. Make a separate account
    • The login account and the public contact address can be configured separately
    • Submission is blocked until you click through the verification email
  • Trader / non-trader declaration (an EU compliance thing). If you are not monetizing, "non-trader" is fine. Declaring as a trader adds obligations like publishing your address

Package

  • Upload the build output as a zip. Missing manifest essentials (name, description, version, icons) error out right here
  • The manifest description is limited to 132 characters — and with _locales, it is checked for every language
  • Don't accidentally upload a dev/test build (one with extra debugging permissions, etc.). The more permissions, the heavier the review

Store listing

  • Description: the long-form text. Be specific about what it does and how to use it. Linking to your own site or hub page is allowed (not a policy violation)
  • Category: pick one (changeable later)
  • Language: the listing's base language. With _locales you can vary description and screenshots per language (promo tiles cannot be localized)
  • Graphic assets:
    • Store icon 128x128 (required)
    • Screenshots 1280x800, 1–5 (required)
    • Small promo tile 440x280 (effectively required — see above)
    • Marquee 1400x560, YouTube video (skip)
  • Additional fields (all optional): homepage URL / support URL / official URL (needs site ownership verification)

Privacy practices

The page the review scrutinizes most. Vagueness here gets you sent back.

  • Single-purpose statement: the extension's purpose in one or two sentences. State it flatly: "an extension for doing Y to X"
  • Permission justifications: one input per requested permission. Tie each to a concrete behavior, e.g. "activeTab: to read the table in the current tab when the user runs the extension from the popup"
    • Fewer permissions, lighter review. If activeTab + scripting suffice, you'll pass more easily than by requesting host permissions (<all_urls> etc.)
  • Remote code: under Manifest V3 you shouldn't be using any. Select "no"
  • Data collection disclosure: check what you collect. If nothing, say so and check the "limited use" attestation
  • Privacy policy URL: can be left empty if you collect no data, but having one is the safe play

Distribution

  • Payment: free
  • Visibility: public (for test distribution there is "unlisted" = link-only access)
  • Regions: all regions is fine

Review

  • The first review took a few days (with a light permission set)
  • Thin permission justifications or broad permission requests mean longer waits and more rejections
  • A rejection just means fix and resubmit — no need to dread it

The post-launch "not trusted" warning

Right after publishing, the store page showed "This extension is not trusted by Enhanced Safe Browsing" — mildly alarming. What I found:

  • It is applied automatically to all new developers; the extension's contents are irrelevant
  • Only users who enabled Chrome's Enhanced Safe Browsing see it; the default Standard protection doesn't show it
  • There is nothing a developer can do to remove it — it clears automatically after a few months of policy-compliant operation (DevRel on the official forum confirms "time solves it")

In other words: ignore it.

Post-launch measurement

  • Manifest V3 forbids remote scripts, so GA4 (gtag.js) analytics are not possible
  • For installs and weekly users, check "Stats" in the developer dashboard

Summary

  • Four assets to prepare up front: 128px icon / 1280x800 screenshot / 440x280 small promo tile / descriptions (the 132-char manifest one and the long-form one)
  • Three account items to clear first: $5 registration / public email verification / non-trader declaration
  • Review strategy in one line: minimize permissions and justify each one concretely
  • The post-launch "not trusted" warning is by design. Leave it alone