Browser bloat is the accumulation of built-in features that are not essential to rendering web pages, such as wallets, rewards systems, AI helpers, sync services, and other bundled tools. Each added feature increases settings complexity, background activity, and the local trust surface: more code runs inside the browser, more data paths exist, and more permissions or account links may be introduced.
In cyber security, browser bloat matters because attackers often target the extra layers rather than the core engine. A bundled wallet can expose secrets or signing flows, a rewards feature can add account and telemetry exposure, and an assistant can create new opportunities for data leakage or prompt abuse. Defenders reduce risk by disabling unused modules, preferring lean builds, and keeping the browser patched; even a stripped browser still depends on timely fixes for Chromium and related components.