Browser extensions enrich users’ browsing experience, e.g., by blocking unwanted advertisements on websites. To perform these functions, users must grant certain permissions during the installation process. These permissions, however, give very limited information about the fact that they allow the extension to access user’s personal data and browsing behaviour, posing security and privacy risks. To understand users’ awareness of these privileges and the associated threats, we conducted an online survey with 353 participants, focusing on users’ attitude, knowledge, and preference towards extensions’ permission requests. We found that users report interest in seeking information, trust the developers but do little to protect their data. They have limited knowledge about the technical abilities of browser extensions and prefer per-mission statements that evoke a clear mental model. Based on our findings we derive recommendations for the improvement of browser extension permission dialogues through clear language, technical improvements and distinct responsibilities.