EditThisCookie alternative

TL;DR: CookieVault is the open-source, Manifest V3-native EditThisCookie alternative. It restores the full Editor workflow on every Chromium browser plus Firefox, adds end-to-end encrypted sync, and ships with reproducible builds — migration from EditThisCookie takes about 90 seconds.

CookieVault is a free, MIT-licensed cookie manager browser extension that provides a Manifest V3 replacement for EditThisCookie, the Chrome Web Store cookie editor that was removed on 2024-09-28. CookieVault restores the same per-site Editor workflow developers and QA engineers relied on, adds end-to-end encrypted cross-device sync, and publishes every line of code on GitHub under the MIT license.

What happened to EditThisCookie

In short: EditThisCookie was the dominant Chrome cookie editor for a decade with a reported install base in the millions¹. Google removed the extension from the Chrome Web Store on 2024-09-28 following community-surfaced² evidence that the maintainer account had changed hands and a post-transfer update had introduced unwanted monetization. The original GitHub repository³ remains visible under the MIT license, but the official store listing is permanently gone.

EditThisCookie ran on Manifest V2, the older Chrome extension API that Google has been actively retiring since 2019⁴. Even if the listing had survived the maintainer-transfer incident, the extension would soon have been broken by the Manifest V3 transition: as of June 2024, Chrome began disabling all MV2 extensions in the stable channel, with no upgrade path for extensions that have not been rewritten⁴. Anything still relying on the deprecated chrome.extension.getBackgroundPage API, persistent background pages, or blocking webRequest interception will stop working in 2025.

The original author, Francesco Capano, has publicly stated² that he sold the extension to a third party prior to the malicious updates and has not been involved in its development for years. We do not blame him for the removal — we simply note that maintainer-account transfers are a known supply-chain risk for browser extensions, and the EditThisCookie story is a textbook example.

Why you need a replacement now

In short: Three forces converge on EditThisCookie users in 2025. The Chrome Web Store listing is gone, so there is no in-store update path. The local binary, even if pre-transfer, relies on a deprecated Manifest V2 architecture that Chrome will stop loading. And privately-circulated post-removal forks have an unknown provenance and should not be trusted with credential data.

Three independent forces converge on EditThisCookie users in 2025:

1. No Chrome Web Store listing. New users cannot install the extension. Existing users cannot receive any update — security fix or otherwise. The listing is gone⁵.
2. Manifest V2 sunset in Chrome stable. Chrome’s official documentation⁴ gives the timeline: starting June 2024, MV2 extensions are disabled in the stable channel; by January 2025 the disablement is irreversible. Enterprise policies allowed a brief extension into mid-2025, but the policy itself is being retired.
3. Untrusted forks circulating outside the store. Several “EditThisCookie revival” extensions and standalone CRX files have appeared on GitHub, mirror sites, and search-result top hits. None publish their build provenance. Installing an extension with chrome.cookies permission from an unknown publisher is a credential-theft vector.

The conservative path is to migrate to a maintained, audit-friendly Manifest V3 alternative with a clear ownership chain before the next Chrome update breaks your local copy.

What to look for in a replacement

A trustworthy EditThisCookie replacement should meet at least six criteria. CookieVault meets all six; we list them so you can verify any alternative — including ours — against the same checklist:

• Open-source code. MIT, Apache 2.0, or BSD — anything OSI-approved that lets independent reviewers audit the cookie-handling boundary.
• Manifest V3 native. Built for the current Chrome extension API, not a hasty wrapper around an MV2 codebase. Verify by inspecting manifest.json for "manifest_version": 3.
• Public maintainer identity. Real names, real LinkedIn / GitHub profiles, and a documented company or organization. Pseudonymous publishers should be a yellow flag.
• Reproducible Chrome Web Store builds. The published binary should be byte-identical to a tagged Git commit. Reproducibility eliminates the “the source code says X but the published binary does Y” attack class.
• No analytics SDKs. A cookie-management extension that ships Google Analytics, Mixpanel, or any third-party telemetry has its threat model exactly backward.
• A transparent business model. The extension is either funded by a paid Pro tier (CookieVault’s model), donations, a foundation, or a sponsor; “free with no apparent income source” is exactly the kind of project that gets sold to a malicious actor down the road.

CookieVault vs other EditThisCookie alternatives

The major modern alternatives are CookieVault, Cookie-Editor, and a handful of post-removal EditThisCookie forks. Side-by-side:

The honest summary: Cookie-Editor is a perfectly reasonable choice if all you need is the popup UX and you do not care about source-code transparency or sync. CookieVault wins on auditability and on the encrypted-sync feature that EditThisCookie never had. The unmaintained or anonymous forks are not in the same category — they are credential-theft risk that no convenience benefit justifies.

How to migrate from EditThisCookie to CookieVault

Migration takes about 90 seconds in the happy path. The full ordered checklist:

1. Export your existing data. While EditThisCookie is still installed locally, click its toolbar icon, open the menu, and choose “Export → JSON”. Save the file somewhere you can find it.
2. Uninstall EditThisCookie. Visit chrome://extensions, find EditThisCookie, and click Remove. The Chrome Web Store listing is gone, so a fresh re-install is not an option anyway.
3. Install CookieVault Editor. Open the Chrome Web Store, search “CookieVault Editor”, and click “Add to Chrome”. The same listing is available on Edge Add-ons, Firefox Add-ons, and via direct CRX side-load from the GitHub release page for Opera / Vivaldi / Arc / Brave.
4. Open the Editor and import. Click the new CookieVault toolbar icon, open Settings (gear), and choose “Import → EditThisCookie JSON”. Select the file you exported in step 1.
5. Verify the cookie list populated. Switch back to the Editor’s main popup. Visit any site where you previously had session cookies. The cookies should appear in the list with correct domains, values, and expiry timestamps.
6. Test a known login. Navigate to a site whose login depends on imported cookies. The session should be active; if not, the underlying cookie may have expired before import.
7. Enable encrypted sync (optional). If you want cookies available on a second device, open Settings → Sync, create an account, and pick a passphrase. The passphrase derives the encryption key client-side — CookieVault servers never see your cookies in plaintext.
8. Delete the EditThisCookie JSON export. After verifying everything works, securely delete the JSON file from disk. Cookies in plaintext on disk are a credential leak risk for as long as the file exists.

If the import fails at step 4 with “unsupported format,” the JSON may be from a pre-2.0 EditThisCookie release. Open an issue on the CookieVault GitHub repository with the file attached (after redacting cookie values) and we will add a compatibility shim.

Frequently asked questions

Q: Why was EditThisCookie removed from the Chrome Web Store? Google removed it on 2024-09-28 after community reports that the maintainer account had been transferred and the new owner pushed updates with aggressive monetization. The original GitHub codebase remains under its open-source license; the store listing does not.

Q: Is the old EditThisCookie binary still safe to use if I have it installed? We recommend uninstalling. Even the trusted pre-transfer build relies on Manifest V2 APIs that Chrome is force-disabling in 2025. Once that happens, your data will be locked in an unmaintained extension that no longer runs.

Q: Will CookieVault import my EditThisCookie JSON without losing flags? Yes. The JSON format includes name, value, domain, path, expires, httpOnly, secure, sameSite, and storeId; CookieVault’s importer parses all of these and rehydrates them through chrome.cookies.set.

Q: Is CookieVault open source the way EditThisCookie was? Yes — MIT license on GitHub, reproducible Chrome Web Store builds, public commit history.

Q: Does CookieVault work on Edge, Brave, Opera, Vivaldi, Arc, and Firefox? Yes, all six. Chromium browsers install the same Chrome Web Store build; Firefox uses a separate MV3-compatible build on the Firefox Add-ons site.

Q: Is there a cost? Local cookie management is free forever. The Pro tier ($4/month or $36/year) adds encrypted cross-device sync, cookie history with undo, named profiles, and team sharing.

Q: How is “end-to-end encrypted sync” different from regular cloud sync? The encryption key is derived on your device from a passphrase only you know and never leaves the device in plaintext. The sync server holds only opaque ciphertext. With traditional cloud sync, the provider holds the key.

Q: What if I do not have an EditThisCookie JSON export and the extension is already gone? Copy cookies manually from Chrome DevTools (F12 → Application → Cookies) into CookieVault Editor’s “Add cookie” dialog. Tedious for large lists, but recoverable as long as the browser profile is intact.