Are All Chrome Extensions Safe?

No, not all Chrome extensions are safe because some developers may have malicious intentions. Since Google Chrome is the most widely used browser in the world, cybercriminals use this to their advantage to target Chrome users. This means if you’re a Chrome user, you’re vulnerable to becoming a victim.

While Chrome extensions provide many benefits such as increased productivity, strengthened security, and improved work quality, they can also increase your vulnerability online and place you at risk of cyber attacks. 

In this blog, we offer ways to ensure that you only download safe Chrome extensions.

Are Chrome extensions safe to use?

One of the critical drawbacks of installing extensions is that it often requires you to provide access to your information, which prompts the question: Can extensions steal your passwords?

To put it simply, extensions cannot steal your information by default. However, when you download an extension, it requests various permissions. Once you accept the terms, you may have given the extension access to sensitive information – including credentials.

Developers with malicious intent may use this information to their advantage, stealing user data and leaving you vulnerable to attacks.

In 2017, shady developers tricked thousands of users into downloading a fake adblocking extension called Adblock Plus. The company purposely designed it to appear like the legitimate company, Adblock Plus – which is how they allegedly confused 37,000 users into downloading the fake version instead of the real one. 

How do I know if a Chrome extension is safe?

Follow these best practices to ensure the Chrome extensions you’re downloading are safe.

Download from the Chrome Web Store

Download Google Chrome extensions directly from the Chrome Web Store. Although some fake extensions have made their way into the Google Web Store, Google does vet extensions before making them available to the public.

When downloading from the Chrome Web Store, be sure to:

• Download the latest version — Older versions may be more vulnerable to cyber attacks.
• Be picky — The more extensions you download, the larger your attack surface. Limit the number you download to reduce the number of attack vectors available and remove any extensions that you no longer use.

Research the developer

Before downloading the extension to your browser, research the developer to ensure that the creators are legitimate. Below are a few signs to help verify that a developer is legitimate:

• They have a complete website, social media presence and other channels
• The information on their sites matches the claims in the Google Web Store
• They have created other legitimate and credible extensions
• They have published consistent updates to the extension

Read the description and permissions

Fake extensions may fill their descriptions with keywords to attract a larger audience. Instead, make sure that the description contains relevant information to the extension. Once downloaded, the extension will ask you to grant specific permissions. Review permissions closely and be wary of downloading extensions that track your information or require you to share excess data.

If you have already downloaded an extension and an updated version requests new permissions, ask yourself why. If you can’t justify the request, it may be better to delete the extension from your browser and find an alternative. 

Read reviews

Reviews are a great way to determine whether or not an extension is worth downloading. Read reviews for insight from other users who have already installed the extension on their devices. 

While reading the reviews, be on the lookout for any fake ones. You can spot fake reviews by looking for the following signs:

• Extremely emotional — If a review is too positive, this can suggest that the reviewer has close ties to the company. If a review is overly negative, this can suggest that the reviewer may have close ties to a competitor. 
• Too short — Most people who review products or services have something to say. If they didn’t, they wouldn’t be leaving a review.
• Written by an unestablished reviewer — Check the details of the reviewer. If they don’t have a profile picture, a history of reviews or a name, they may have created an account solely to write a fake review.

Install antivirus software

Antivirus software can be an additional security measure since it can detect malicious code in extensions. If you download a suspicious browser extension, your antivirus program will notify you, prompting you to remove it from your device immediately.

How to manage your Chrome extensions

If you are unsure what permissions you have made accessible, it would be best to manage your extensions and remove excess access to protect yourself online. Use the instructions below to manage your Chrome extensions.

1. Open Chrome
2. On the top right of your browser, click on the three vertical dots > Extensions > Manage Extensions
3. Now, you will see all the extensions you have already installed on your device
4. To view more information on a specific extension, click on Details to see what access has been given
5. Within the extension, you can choose to toggle any switches to revoke or provide permissions

Visit Chrome Web Store Help for more information on how to install, manage and uninstall an extension.

The bottom line

Chrome extensions can be useful tools in your personal and work life, but it’s important to take precautions when downloading them. Make sure to research the developer, read through permissions and descriptions, and read reviews. The more precautions you take before choosing to download a Chrome extension, the safer you and your information will be.