Protect Yourself from Potential Attacks Via Chrome Extensions

Learn two simple ways to set the privacy and activity settings for each Google Chrome extension on your browser and steps the company is taking to protect users.

Google’s Chrome web browser is a popular choice for businesses the world over. Managing the extensions gives you more control and faster results when using Chrome to its best. Here’s a closer look at Chrome add-ons and how to use them effectively.

And with emerging cyberthreats targeting browsers, now is an important time to know your way around the extensions.

Browser Extensions

What Is the History of Google Chrome Extensions?

Google introduced Chrome in 2008. By 2010, there were more than 10,000 extensions available in the Chrome Web Store. Today, the company does not release the number available, but it’s estimated to be in the hundreds of thousands.

That growth brings with it an increasing vulnerability to attacks via vectors embedded in extensions. The company does work to keep malicious extensions out of its store but mistakes are possible. Other extensions can invade users’ privacy.

Should I Uninstall All Chrome Extensions?

Deleting all extensions is not necessary. Instead, use these two helpful tools to manage your extensions better and control permissions you provide to the add-in.

1. Use Extension Icons

To the right of the address bar, you’ll find icons representing the extensions you’ve installed. If you right-click on an icon, you’ll see an option titled “This can read and change site data” with three options:

  • When you click the extension
  • On [the site you’re on]
  • On all sites

The default is the first option, which limits the use of the extension to user-activated times. If an extension is “loud,” meaning it uses a lot of bandwidth, these settings can provide more control.

2. Use Extension Settings

If you click on the hamburger menu icon to the far right of your address bar, you can click on the option “More tools” and click on “Extensions.” This will bring up a screen with a box for each installed extension. Click on the Details button for any extension you want to modify. You’ll see the three options again, but also an option to add the URLs of specific sites on which you want the extension activated.

What Can Go Wrong with Browser Extensions?

There are several risks to installing browser extensions. Here are a few of the ways extensions can do harm:

  • Malicious intent. Malware can be installed unknowingly that uses your computer for other purposes. Kaspersky, for example, noted a recent example of extensions that made money for the hacker by clicking on pay-per-click ads.
  • Hijacking. If a hacker steals a designer’s credentials, an extension can be compromised by changing the functionality or inserting malware.
  • Purchases. Extensions are hard for designers to monetize. That’s why many are eager to sell their code if approached by a buyer. Users are usually unaware if extensions change hands, meaning a previously well-intentioned add-on can be repurposed.

Is Google Addressing Extension Security?

Google recently announced steps it’s taking to combat the security issues with extensions. Among its changes:

  • More granular user permission options
  • A requirement that extensions only request access to the minimum amount of user data needed to operate
  • Expanding privacy rules for extensions. Those that carry user communications and user content will join those that handle personal or sensitive user data and need to post privacy policies

Proactive steps combined with Google’s efforts are critical to keeping your browsing and data safe and secure.