There are tens of thousands of unsafe Google extensions. Discover how to recognize and avoid these to protect your system from devastating data breaches.
Given these facts, one has to wonder: Is Google doing to take steps to ensure extensions creators aren’t putting up malware-laden programs? How can regular users tell if an extension is secure and reliable before installing it? Is there a way businesses can take action against questionable extensions? Don Baham from IT MSP Kraft Technology Group answers these and other questions to provide a well-rounded understanding of how Chrome extensions work, what damage they can do, and how you can take advantage of helpful extensions while avoiding dangerous ones.
First of all, Don Baham explains how Google Chrome extensions work. They are similar to Android apps in that they can be installed not only from a collected vetted by Google but also from third-party sources. The latter option makes it possible for literally anyone to make and promote a Chrome extension, an ability that has both its benefits and downsides. The upside is that it gives users multiple choices to allow them to find an extension that suits their needs; the obvious downside is that extensions that aren’t vetted by Google could easily contain malware that could harm your machine. Downloading extensions exclusively from a collected vetted and maintained by Google is obviously the best choice; however, even this won’t guarantee that your chosen extension will be safe as the company that makes and maintains the extensions could be compromised after Google has vetted the extension.
One good way to keep your internet activity private while using helpful extensions is to install Privacy Badger or a similar program. Yes, it’s an extension, but it can offer privacy that Google and other web browser creators can’t guarantee extension users. Alternatively, you may want to consider a tool such as CRXcavator to risk rank Chrome extensions before you download and install them. This handy program, which was created by Duo Security, will tell you how risky it is to run a particular extension on your browser.
Corporate Security Suggestions
While the above-mentioned suggestions can be applied to both personal and business internet use, Mr. Baham also suggests that corporate offices only allow users to run extensions that have been specifically approved by the company. Your IT managed service provider, be it an in-house tech or outside company, can limit what programs can be run on the company’s IT network. Exercising tight control over which extensions are installed and used on company computers adds an additional layer of security to your network, protecting it from breaches.
It’s also wise to offer your employees cybersecurity training so they know how to recognize potentially malicious extensions and avoid them. Many employees and contractors use personal computers to access company information on the cloud; this puts your system at risk because malicious extensions on personal computers can then gain access to your entire business network if you aren’t careful. With ongoing training, your staff members will be able to help you keep your network safe from cybercriminals.
Individuals and business owners who expect Google to do all the hard work of monitoring Chrome extensions are making a huge mistake. While Google does vet the extensions featured on its collections, the vetting process doesn’t automatically guarantee that the extensions are 100% safe; what’s more, users can easily download extensions from a wide range of sites over which Google has no control. It’s up to individual users to protect themselves by using tools and programs to vet extensions to ensure they’re legitimate and safe. Corporate offices that want to protect their networks should limit extension access, only allowing certain types of approved extensions on company computers. Remaining vigilant and careful is the only way to ensure that your system is safe from malicious or faulty Chrome extensions.
Image credits – bgr.com