How to spot dangerous extensions in Chrome

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44

Check installed browser add-ons. Malicious ones could lurk among them.

Many people believe that if an extension or application is published in the App Store, Google Play, Microsoft Store, or the Mozilla Add-on Directory, then it is verified and safe. Unfortunately, this is not so.

The mechanism for adding them to the Chrome Web Store is automated. So malicious extensions are constantly leaking into the store. Let's figure out how to avoid installing them.

Why Chrome Extensions Can Be Dangerous

The Chrome Web Store has a huge number of extensions. Many of them are simply useless or duplicate functions of each other. And some are downright harmful. According to the Over 20,000,000 of Chrome Users are Victims of Fake Ad Blockers report published by AdGuard, more than 20 million Chrome users are installing fake ad blockers. And the extensions used for hidden mining have picked up Malicious Chrome extensions infect 100,000-plus users, again 100,000 in the last two months.

What can fake extensions be used for? They know how to steal your confidential data, passwords and bank card numbers. They are also able to mine cryptocurrencies in your browser or combine infected computers into botnets.

Try typing AdBlock in the Chrome Web Store search and see how many extensions you can find. Now guess which one is useful and which is not.

Things to check before installing an extension

Extension popularity

The more popular the extension, the better. If one extension has more than 10 million users, and its analog doesn't even have 10 thousand, the choice is obvious. The phrase about millions of flies does not fit here.

Popular extensions are often backed by large companies or developer communities that value their users. Trust them more than solo developers.

Unscrupulous performers can win the trust of users by choosing names that are similar to the notation for respectable extensions. So make sure that the name is spelled correctly.

Extension Description

Read the description before installing a new extension. Study it in its entirety. If it is misspelled, it is most likely either a student's craft or a malicious extension.

Of course, a well-written description does not guarantee security. But this is an important point that you must pay attention to.

Developer site

In the Chrome Web Store, the developer's name is usually located immediately below the name of the extension. Click on it and look at the creator's site. If it is absent, or, as they say, folded "on the knee", this is a bad sign.

It is worthwhile to carefully study the About us section or "About us" section on the developer's website, if available. This will at least form an opinion about the authors of the extension.

Reviews in the Chrome Web Store

Now read the reviews for the extension that Chrome Web Store users leave. Few reviews are bad. An abundance of negative reviews is bad. A lot of the same type of reviews in the spirit of "The best!", "Everyone to download!" - not very good either. This could be the result of cheating.

Internet extension information

Before installing, you should google the names of the extensions: the most useful and popular of them often appear in news and reviews. The life hacker, for example, regularly publishes a selection of the best Chrome extensions. Many other major sites do the same.

Access rights

Chrome has a system of permissions. It shows what actions a particular extension is going to perform in your browser. Approximately the same system operates in Android when installing new applications.

When you install an extension, take the time to see what it is requesting access to. It's bad if you don't pay attention to this moment. After all, if you install some kind of extension for fast image search, and it asks for access to your mail.google.com, this is an alarm bell.

Source

Yes, this is not an option for everyone. However, those who are versed in creating extensions for Chrome should look at the source code of the add-on being installed (if open). It is open source extensions that are always more trustworthy.

Check your extensions regularly

Open your list of extensions and check it out now. It is not uncommon for developers of popular extensions to sell them to less conscientious owners. A few years ago, this happened with the Add to Feedly extension, which, after a change of ownership, started showing ads.

Have you been using an extension for several years and even forgot that you have it? Check it out. Read the reviews, google the name. Has it become useless or harmful?

And remember: the fewer extensions, the better for both your privacy and browser performance. Install only those you cannot do without.