Do You Have Any Idea What Chrome’s Extensions Could do to You?


There are tens of thousands of unsafe Google extensions. Discover how to recognize and avoid these to protect your system from devastating data breaches. 

Did you know that about one-third of all Google Chrome extensions have known security vulnerabilities? Google Chrome recently removed a paltry 500 extensions due to malware concerns but that’s hardly the tip of the iceberg as well over 30,000 potentially dangerous extensions remain available for use on the popular internet browser. What’s more, nearly 85% of recently examined extensions don’t have a privacy policy and more than three-quarters of extensions don’t list a support site you can turn to if the extension wreaks havoc on your machine.

Given these facts, one has to wonder: Is Google doing to take steps to ensure extensions creators aren’t putting up malware-laden programs? How can regular users tell if an extension is secure and reliable before installing it? Is there a way businesses can take action against questionable extensions? Don Baham from IT MSP Kraft Technology Group answers these and other questions to provide a well-rounded understanding of how Chrome extensions work, what damage they can do, and how you can take advantage of helpful extensions while avoiding dangerous ones.

First of all, Don Baham explains how Google Chrome extensions work. They are similar to Android apps in that they can be installed not only from a collected vetted by Google but also from third-party sources. The latter option makes it possible for literally anyone to make and promote a Chrome extension, an ability that has both its benefits and downsides. The upside is that it gives users multiple choices to allow them to find an extension that suits their needs; the obvious downside is that extensions that aren’t vetted by Google could easily contain malware that could harm your machine. Downloading extensions exclusively from a collected vetted and maintained by Google is obviously the best choice; however, even this won’t guarantee that your chosen extension will be safe as the company that makes and maintains the extensions could be compromised after Google has vetted the extension.

Additionally, as Mr. Baham accurately points out, malware isn’t the only problem you have to worry about when using a Google Chrome extension. Privacy is another important issue. Google’s privacy policy is vague regarding how much data the tech giant is allowing extensions to access and use. Put simply, your extension could be collecting a massive amount of your private information and doing whatever it wants with it, including selling it to third-party marketers. This problem not only affects Google Chrome but also extensions used on any other internet browser, which is why users are advised to be careful which extensions to allow on their browsing session.

One good way to keep your internet activity private while using helpful extensions is to install Privacy Badger or a similar program. Yes, it’s an extension, but it can offer privacy that Google and other web browser creators can’t guarantee extension users. Alternatively, you may want to consider a tool such as CRXcavator to risk rank Chrome extensions before you download and install them. This handy program, which was created by Duo Security, will tell you how risky it is to run a particular extension on your browser.

Corporate Security Suggestions

While the above-mentioned suggestions can be applied to both personal and business internet use, Mr. Baham also suggests that corporate offices only allow users to run extensions that have been specifically approved by the company. Your IT managed service provider, be it an in-house tech or outside company, can limit what programs can be run on the company’s IT network. Exercising tight control over which extensions are installed and used on company computers adds an additional layer of security to your network, protecting it from breaches.

It’s also wise to offer your employees cybersecurity training so they know how to recognize potentially malicious extensions and avoid them. Many employees and contractors use personal computers to access company information on the cloud; this puts your system at risk because malicious extensions on personal computers can then gain access to your entire business network if you aren’t careful. With ongoing training, your staff members will be able to help you keep your network safe from cybercriminals.

Individuals and business owners who expect Google to do all the hard work of monitoring Chrome extensions are making a huge mistake. While Google does vet the extensions featured on its collections, the vetting process doesn’t automatically guarantee that the extensions are 100% safe; what’s more, users can easily download extensions from a wide range of sites over which Google has no control. It’s up to individual users to protect themselves by using tools and programs to vet extensions to ensure they’re legitimate and safe. Corporate offices that want to protect their networks should limit extension access, only allowing certain types of approved extensions on company computers. Remaining vigilant and careful is the only way to ensure that your system is safe from malicious or faulty Chrome extensions.

Image credits –

Hi, I'm Raj Hirvate and I am a Tech Blogger from India. I like to post about technology and product reviews to the readers of my blog. Apart from blogging i'm a big Anime fan I Love Watching Naruto, One piece and Death Note.