How to Avoid Malicious Chrome Extensions
Browser extensions can completely transform our online experience. They can do anything from blocking ads, to displaying inspirational quotes, to actually helping you be more productive. The more popular the browser, the greater the number of extensions available for it. As you probably know, Google Chrome leads the way in that respect.
The problem is, extensions are, in essence, applications, and as we all know, applications can be malicious. Malware has been distributed with the help of Chrome extensions for a while, and Google is trying to do something about it. A couple of weeks ago, the Silicon Valley giant announced that starting September 12, 2018, you won't be able to install Chrome extensions from third-party websites. The idea is that you'll only install add-ons from Chrome's Web Store where all the software is vetted and malware-free. As is often the case, the reality is a bit different.
Malicious extensions and Chrome's Web Store
The situation is pretty similar to what we see with Android and Google Play. Extensions published on Chrome's Web Store are indeed checked out before they get approved, but the vetting process clearly isn't thorough enough. We've seen Google go after extensions that posed as useful tools but in reality did all sorts of nasty things like displaying ads, mining cryptocurrency, and stealing information. They somehow got through Google's approval process, and they ended up on Chrome's Web Store. From there, they landed on the computers of thousands of innocent victims.
It's up to the user to sort the wheat from the chaff
Over the years, we've heard a lot of excuses saying something to the effect of "malware does slip through the cracks every now and then." Sometimes, however, the cracks look like chasms, and sadly, it looks like it is the user that must figure out which extensions are good and which aren't. Fortunately, if you're diligent enough, you should be able to spot the bad ones. Here are a few things you might want to keep in mind.
- You don't need to be a guinea pig
You'll soon have no other options but to install extensions from the Web Store, so you might as well learn what sort of information you can get from it.
The number of users is a particularly useful piece of data. A large userbase doesn't necessarily mean that the extension is safe to use. In much the same way, a low number of users doesn't automatically indicate malicious behavior. It does show that not a whole lot of people know about the extension, however, and this isn't ideal. If you're really interested in its functionality, save it as a bookmark and come back to it in a few weeks when the userbase is larger. Testing out a brand new extension you know nothing about is a risk you don't want to take unless you absolutely have to.
- Take a look at what the description says
Obviously, cybercriminals won't publicly announce that their extension will do some bad things to your PC. With that said, reading the description is important because it could sometimes give you clues about the extension and its authors.
Crooks aren't known for their immaculate English, and they sometimes tend to get a bit carried away with the keywords in their quest for more clicks. These are not 100% reliable indicators, but you might want to stay alert if you see poor grammar and awkward wording.
- See what others think
You should know by now that everything you read on the Internet should be taken with a grain of salt, and reviews are by no means an exception. That said, if you take a look at the reviews section, you could get an idea of what people think about a particular extension. Again, things aren't as simple as they may appear.
Too much positivism isn't necessarily a good thing. The world is full of people with different needs and different levels of understanding when it comes to computers, which means that a piece of software that receives only thumbs-up reviews is suspicious.
When there's an overwhelming number of negative opinions, things are more straightforward, especially if many people are complaining about the same thing. Take the time to see what users think before you click the Add to Chrome button. It might just save you plenty of headaches.
- Use Google
The numerous incidents involving malware and Chrome extensions suggest that Google isn't very good at policing its own marketplace. It is good at giving you information, though. Googling the name of the extension is more useful than you may think.
Even if it's not downright malicious, you might find out that some of the functionality of the extension you're considering is questionable. Security experts and privacy advocates are very vocal when they see something they don't like, and you're likely a few clicks away from finding out what they have to say. You can also see what your other options are.
Technology websites review browser extensions all the time. They evaluate their performance, point out bugs, and give advice on what's good and what isn't. A simple search can help you decide whether the extension you're currently looking at is worth the bother and whether there's another one that will better suit your needs. It's this information that will let you make an informed decision.
Making an informed decision is very important because the whole point of installing an extension is to make the browsing experience more pleasant. And as we established in the last few paragraphs, if you're not diligent enough, you could achieve the opposite effect.