diff --git a/lib/browser/api/web-contents.js b/lib/browser/api/web-contents.js
index adbe7e5710d5a..4fcef7c05f0af 100644
--- a/lib/browser/api/web-contents.js
+++ b/lib/browser/api/web-contents.js
@@ -358,6 +358,17 @@ const addReplyInternalToEvent = (event) => {
 })
 }
+const safeProtocols = new Set([
+ 'chrome-devtools:',
+ 'chrome-extension:'
+])
+
+const isWebContentsTrusted = function (contents) {
+ const pageURL = contents._getURL()
+ const { protocol } = url.parse(pageURL)
+ return safeProtocols.has(protocol)
+}
+
 // Add JavaScript wrappers for WebContents class.
 WebContents.prototype._init = function () {
 // The navigation controller.
@@ -428,7 +439,9 @@ WebContents.prototype._init = function () {
 for (const eventName of forwardedEvents) {
 this.on(eventName, (event, ...args) => {
- app.emit(eventName, event, this, ...args)
+ if (!isWebContentsTrusted(event.sender)) {
+ app.emit(eventName, event, this, ...args)
+ }
 })
 }
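Review bot: `isWebContentsTrusted` decides trust from the scheme of the contents' current URL alone, and nothing in the first hunk says what "trusted" grants. Any page committed under `chrome-extension:` passes, whichever extension it belongs to, and the value comes from `_getURL()` at the moment the event fires, so the answer can presumably change across a navigation. Since the second hunk uses this to skip app-level handlers, a comment above `safeProtocols` should state the consequence, e.g. `// Contents on these schemes bypass app-level handlers for forwarded events; keep this list minimal.` It is also worth confirming how `_getURL()` behaves for subframe senders and before the first commit (an empty URL yields a `null` protocol, which correctly falls through to untrusted).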
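Review bot: The guard in the second hunk checks `event.sender` while the emit passes `this`; if any forwarded event arrives without a `sender`, `contents._getURL()` throws inside the listener and the event never reaches `app` at all. Using the receiver is consistent with the emit and avoids that: `if (!isWebContentsTrusted(this)) {`. The trusted branch also drops the event silently, so app-wide handlers that veto or log these events never see DevTools or extension contents; a one-line comment such as `// Trusted contents are not forwarded, so app-level handlers cannot veto them` would make that explicit. The `forwardedEvents` list and the rest of `_init` are outside the hunk, so which events this affects cannot be confirmed from here.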