Can Browser Extensions Be Dangerous?

Posted By : Ken Colburn of Data Doctors on November 15, 2018

Question

Is there any reason to be concerned with Chrome extensions?

Answer

This question was answered on November 15, 2018.

One of the many reasons that Google’s Chrome browser has become the most popular browser in the world includes the ability to add new functionality through extensions.

The vast majority of the more than 180,000 available extensions at the Chrome Web Store (https://chrome.google.com/webstore) are free, making them very popular with web browsers.

How Extensions Can Be Dangerous
A browser is your window to the online world and despite all the security that Google has built into Chrome, allowing anything into your browser can potentially allow others to monitor everything you’re doing or modify what you’ll actually see as you’re surfing the web.

Google as well as all the other browser companies have created processes to scan and review extensions before they become available, but they’ll never be able to catch everything, so it’s always ‘downloader beware’.

Thankfully, the instances of truly malicious browser extensions is rare and when Google detects that an extension has become malicious, it automatically disables its use on all Chrome browsers.

Good Extensions Gone Bad
Since a large number of extension developers are individuals or small companies, if they get hacked or decide to sell their code to a third party, what the extension actually does can start to change.

Google recently tightened their guidelines for extension developers, making it more difficult for hidden code to sneak by their review process (https://goo.gl/PvjpPp).

Steps to Evaluate Extensions
There’s no simple way to validate an extension, but there are several steps you can take to help you feel more comfortable with the developer before deciding to install it.

Start by actually reading what the extension is going to do in the ‘Overview’ section and be sure to click on the ‘Read more’ button if it exists as important information may be hiding. Also, review the Privacy Policy if there is one to see what data is collected, how it’s used, etc.

Look to see what version it is, which indicates how long the extension has been around – the higher the version number, the longer it has been around.

Look to see how many users have installed the extension and how many reviews it has, then read some of the reviews. If either of these numbers are very low, you should be very cautious.

I’d also check out the developer to see if it’s someone you have heard of – this is done by clicking on the name next to the ‘Offered By’ just below the name of the extension.

Is the developer an individual or a company? Do they reside in a foreign country that’s known to be an adversary of the U.S.? Have they created other extensions? Can you find them on social media?

Pay Attention!
If you feel comfortable after reviewing everything, the final step is pay attention to what the app says it can do when you click on the ‘Add to Chrome’ button. If you don’t like what you read, you can simply click on ‘Cancel’.

Get the Urge to Purge
If you’re not actively using an extension, it’s always best to remove it.  You can see and remove any of your extensions by typing chrome://extensionswhere you would typically type in a web address.

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!

Author

Posted by Ken Colburn of Data Doctors on November 15, 2018

Feedback

Featured At: