A browser extension (also referred to as a plug-in) is a small software application that adds capacity or functionality to your web browser. With Google Chrome being the most widely-used browser in the world, it is important to practice safe habits to protect yourself and your team from the dangers of the Internet.
There are several benefits to installing Chrome extensions, including:
- Increased productivity
- Strengthened security
- Improved work quality
Although Chrome extensions may be helpful, can they increase your vulnerability online and put you and your team at risk of cyber attacks? In this blog, we offer ways to ensure that you only download safe browser extensions.
Are Browser Extensions Safe?
One of the critical drawbacks of installing extensions is that it often requires you to provide access to your information, which prompts the question: Can extensions steal your passwords?
To put it simply, no, extensions cannot steal your information by default. However, when you download an extension, it requests various permissions. Once you accept the terms, you may have given the extension access to sensitive information—including credentials.
Developers with malicious intent may use this information to their advantage, stealing user data and leaving you vulnerable to attacks.
In 2017, shady developers tricked thousands of users into downloading a fake adblocking extension called Adblock Plus. The company purposely designed it to appear like the legitimate company, Adblock Plus—which is how they allegedly confused 37,000 users into downloading the fake version instead of the real one.
Best Practices to Ensure Safe Chrome Extensions
Although it’s unclear whether or not the developers of the fake version had malicious intent, users must understand what applications they’re installing on their devices. Follow these best practices to ensure your browsers are not facing increased security risks.
Download from the Chrome Web Store
Download Google Chrome extensions directly from the Chrome Web Store. Although some fake extensions have made their way into the Google Web Store, Google does vet extensions before making them available to the public.
When downloading from the Chrome Web Store, be sure to:
-
Download the latest version — Older versions may be more vulnerable to cyber attacks.
-
Be picky — The more extensions you download, the larger your attack surface. Limit the number you download to reduce the number of attack vectors available. Remove any extensions that you no longer use.
Research the Developer
Before downloading the extension to your browser, research the developer to ensure that the creators are legitimate. Below are a few signs to help verify that a developer is legitimate:
- They have a complete website, social media presence and other channels.
- The information on their sites matches the claims in the Google Web Store.
- They have created other legitimate and credible extensions.
- They have published consistent updates to the extension.
Read the Description and Permissions
As seen in the image of the fake AdBlock Plus screenshot, fake extensions may fill their descriptions with keywords to attract a larger audience. Instead, make sure that the description contains relevant information to the extension.
Once downloaded, the extension will ask you to grant specific permissions. Review permissions closely and be wary of downloading extensions that track your information or require you to share excess data.
If you have already downloaded an extension and an updated version requests new permissions, ask yourself why. If you can’t justify the request, it may be better to delete the extension from your browser and find an alternative.
Read Reviews
Reviews are a great way to determine whether or not an extension is worth downloading. Read reviews for insight from other users that have already installed the extension on their device.
While reading the reviews, be on the lookout for any fake ones. Fake reviews are usually:
-
Extremely emotional — If a review is too positive, this can suggest that the reviewer has close ties to the company. If a review is overly negative, this can suggest that the reviewer may have close ties to a competitor.
-
Too short — Most people who review products or services have something to say. If they didn’t, they wouldn’t be leaving a review.
-
Written by an unestablished reviewer — Check the details of the reviewer. If they don’t have a profile picture, a history of reviews or a name, they may have created an account solely to write a fake review.
Install Antivirus Software
Antivirus software can be an additional security measure since it can detect malicious code in extensions. If you download a suspicious browser extension, your antivirus program will notify you, prompting you to remove it from your device immediately.
How to Manage Chrome Extensions
If you are unsure what permissions you have made accessible, it would be best to manage your extensions and remove excess access to protect yourself online. Use the instructions below to manage your Chrome extensions.
- Open Chrome.
- On the top right of your browser, click on the three vertical dots > More tools > Extensions.
- Now, you will see all the extensions you have already installed on your device.
- To view more information on a specific extension, click on Details to see what access has been given.
- Within the extension, you can choose to toggle any switches to revoke or provide permissions.
Visit Chrome Web Store Help for more information on how to install, manage and uninstall an extension.
Using Keeper Chrome Extension
Keeper® Password Manager & Digital Vault Chrome extension is a safe and secure way to add a layer of security to your teams’ devices. With over 600,000 users and 8,000 reviews, you can be confident that your credentials are protected with zero-knowledge encryption. Visit our document portal to learn more about using our browser extension.
Frequently Asked Questions
How do I install Chrome extensions?
Find and install Chrome extensions by visiting the Chrome Web Store. Simply select your extension of choice and then click Add to Chrome.
Do you need a Google account to use extensions?
No, you do not need a Google account to use extensions. You need to have the Google Chrome browser installed on your computer.