Tech Talks editor Kevin Delsch has written a guideline for Chrome browser users with tips to keep themselves and their personal data safe from unscrupulous extension developers.
According to statcounter.com, Chrome dominates browsers with nearly 60 percent share across all platforms as of June 2018.
In addition to ease of use, download speed and reliability, Google Chrome also has a huge arsenal of extensions that can satisfy almost any, even the most specific need.
Extensions for Chrome are groovy and increase productivity; there’s no need to order custom development of any software solution, because everything you need is already in the Chrome Web Store, right?
Despite their apparent innocuousness, Chrome extensions can get full access to user data in the browser, including the sites they visit, the content they are interested in, everything they enter on those sites, including passwords, etc. Often, it is not actually necessary to have access to all of this information in order to work consistently. It’s up to the user here – if he willingly granted all the permissions that the Chrome plugin requested of him, he’s left to fend for himself.
Although Google scans all Chrome extensions when submitting them to the Chrome Web Store, sometimes malicious plugins do trickle into the store. It’s also possible to install an extension from a third-party site using the so-called inline install API. Fortunately, this loophole is promised to be closed soon, but for now it is still open.
There is one more thing. Chrome extensions can be updated automatically. So, even if you take preventive measures, things can change. For example, a decent developer will sell their extension, and the new owner will decide to add some unreliable elements to it. And this is just one of many possible scenarios. So with Chrome extensions, it’s worth keeping your ears open.
What to check before installing a Chrome extension
Are you sure you need this extension?
It’s a matter of basic digital hygiene. Every feature you add to your system increases its vulnerability. The internet is full of cool stuff, but don’t install it unless you really need it.
Create a second account to test extensions
How do you know if an extension will help increase your productivity without installing it? For many people, this is more important than the rule above. You can get out of it by creating an additional account specifically for checking extensions. By doing so, you will protect the data contained in your main account in case the extension turns out to be unscrupulous.
Never install an extension from outside the Chrome Web Store
Google has already enforced this rule in Chrome for extensions published after June 12, 2018. But if you managed to install any plugins before that date from outside the Chrome Web Store, you’d better tear them down and look for official alternatives in the store.
Google promises to close this feature by September 12: whichever site you click to install an extension, you’ll be automatically redirected to the Chrome Web Store, and that’s a good thing. The inline install API will be completely removed from Chrome 71 in early December. However, creators will still have the option to install their extensions locally for testing by turning on developer mode.
Make sure you’re installing the right extension
Earlier in April, AdGuard, which offers ad-blocking products, published a list of malicious extensions for Chrome, which together compromised more than 20 million users.