Google takes security very seriously and devotes considerable resources to it. Unfortunately, not all extension developers are as cautious. While you can never be totally safe from malicious browser extensions, here are some security checks I make before adding a new extension or app.
Extensions Page
The first check is to regularly visit my Chrome Extensions page by entering chrome://extensions/ into the URL bar, or clicking the three-dot menu and choosing Extensions > Manage Extensions. Here, any known problems with extensions I have installed will be flagged. This includes security issues and any extensions no longer supported and should be removed.
It is also worth taking a few minutes to scroll down your list of extensions and apps to see if you still want them. I delete them if they’re no longer useful, which can help to speed up the browser, reduce clutter, and improve your security.
Reviews and Updates
Before installing a new extension, I look at its Chrome Web Store page for any suspicious details. I first check out the number of users. A small number of users doesn’t mean an extension isn’t good, but it does mean it hasn’t been widely tested yet. I also look at reviews, which are a good indication of what users think of it.
Next, I scroll down to the Details section and look at the date of the last update. Software that is not updated regularly is more vulnerable to hacking and vulnerabilities. If there have been no updates in the last year or so, I’ll usually look elsewhere.
Privacy
Further down the Chrome Web Store page is the Privacy section. Obviously, this is very important if you’re worried about security. This section will generally say, “The developer has disclosed that it will not collect or use your data.” It will also contain a link to the developer’s privacy policy. If the extension collects, stores, or shares any data, the details will be spelled out in this section.
The Developer
Most professional developers, even if they are very small, should have a website somewhere. I always see what I can learn about the person or company that developed the extension. I try to find out who they are, their location, and what else they do. If there is little to no information about the developer, I will usually look for a different extension.
Web Search
If, at this point, I still have any doubts about the extension, I will do a Google Search. Usually, this doesn’t turn up anything I didn’t already know, but occasionally, I’ll find an article or a discussion on Reddit about the extension or the developer. This can sometimes turn up useful information, such as additional reviews or concerns from internet security professionals.
In the end, you can’t be 100% safe. Every organization, large and small, can have its security breached. A small mistake or oversight in coding can leave a door open in the software that someone could exploit. However, taking a little time to do your homework can avoid obvious dangers, especially when it comes to shady Chrome extensions you should avoid.
Remember, when it comes to extensions, fewer is generally better. Keeping extensions to a minimum will reduce the RAM that your browser uses and leave fewer possible avenues for a hacker to exploit.
