When it comes to Google Chrome and its online security, you can never be too careful. However, this guide is not about antivirus programs, firewalls or VPN, since it’s about Chrome extensions. The fact that an extension is in the Chrome Web Store does not mean it is safe to use. There have been many cases of malicious add-ons that were removed in the past after millions of Chrome users installed them on their computers.
1. Google Chrome extension reviews
Here we will focus on the steps you can take before installing extensions. Often, it is easier to determine if an extension is suspicious or directly malicious if you have installed it. Since it can be the cause of unwanted changes or visible activities, such as search engine hijacking, displaying ads or pop-ups.
And also, show other behavior that was not mentioned in the description of the extension. Likewise, users who know JavaScript can also verify the source of the extension. You just have to access the Chrome flags to have much more information.
2. Chrome Web Store page
First, analyze the list of the extension and see if any alarm sounds. Defective grammar or language can be seen as warning signs. But since developers around the world publish extensions in the Chrome Web Store, some can be written by someone whose English is not their native language.
Bad grammar or spelling errors cannot be used as an indicator. Irrelevant screenshots or very strange descriptions, on the other hand, are telltale signs of a malicious extension. However, these are quite rare.
3. You must see the logos well
Malware developers resort to all kinds of tricks to infect users. And one of them is to use the logo (icon) of popular brands or applications. Sometimes, people are fooled by this and think it is from the company that makes the real software. Pay attention to the name of the developer and click on it to see its other extensions.
4. Website and developer contact
Does the extension have its own website? Visit it for more information and maybe something about the developer. We recommend using a content blocker when you visit these sites to avoid problems. Especially if the site is specifically prepared to attack devices.
Not all extensions have a web page, but most do. At least for support and FAQ’s requests (frequently asked questions). Is there a contact option on the Chrome web store page that allows you to send an email to the developer? If there is one, it is a good sign, but the absence of one does not mean that it is a false extension.
5. Privacy Policy
This is perhaps the most forgotten: Who reads the privacy policy? You should, because unlike website registrations or software agreements, you are not shown the privacy policy of an extension when you install it. But it can exist as an escape for the developer to get out of a legal dispute, should it arise. Accept the policy at the time you install the extension.
Use Control F and search for words such as data, collect, track, personal, etc. In the privacy policies. Your browser should highlight the sentences that contain the word and therefore you should read what it says.
If the policy is straightforward about the data they collect, think about whether it is worth using the extension at the cost of privacy. We will give you a hint: it is never acceptable. Obviously, developers and companies with bad intentions can add whatever they want to the privacy policy.
6. Check the permissions of extensions in Chrome
When you click on the install button, read the pop-up window that lists the permissions that the extension requires. Permits can give important clues; An add-on for a visual enhancement (as a topic) should not require permissions such as “Communicate with cooperating websites”. That means that it could be sending data, your personal data, to some server.
7. Comments
These are big red flags if you know how to identify the legitimate ones. Does an extension have revisions? Are they all 5 star reviews? That is suspicious. Look at the publication date of each review. If you find that all were published on the same day, you may be twice as suspicious.
Also look at the text, if they look more or less the same, or if usernames only contain random characters. Alarms should sound and you should see more deeply.
Best extensions to improve security and privacy in Chrome and Firefox
- HTTPS Everywhere: A simple extension for Google Chrome that improves security a little more is the one that opens the doors to this top. In this case, it is a small program that only allows you to access HTTPS web pages while it is activated. In this way, you can be more than sure that all the platforms on which you want to access will have this security protocol.
- Privacy Badger: Going now to mention extensions for Firefox, you currently have a name named Privacy Badger, which allows you to improve privacy and security within this browser. This can be done, basically because the program allows you to block all those trackers that are collecting information from your browsing without your consent.
- No-Script Suite Lite: Aimed at improving the privacy of users using Google Chrome is this extension capable of blocking Scripts on pages that are not very trusted. An example of this mentioned is the blocking of JavaScript, being able to use the same only on the sites you choose.
- Cookie AutoDelete: Focused on working in Firefox’s browser, this extension has the peculiarity of controlling cookies, being able to configure this small program so that they are destroyed automatically and that they do not collect information from our navigation. Definitely a good option to improve internet security.
- WOT: This is another of the best extensions of Google Chrome to improve privacy and security that focuses your efforts on alerting us when you are entering an unsecured website. It does this, counting on the ratings that other users have had of this platform that you want to enter.
- Facebook Container: Considered as one of the most popular security extensions of Firefox stands Facebook Container, which has as a strong point the protection against tracking by this social network.
- LastPass: With LastPass you won’t have to worry about not remembering the many keys that are part of your access to the accounts and users around the internet. You will simply have to activate the extension and you will automatically have a place where all your passwords lie, keeping the same super secure in case another person other than you tries to enter this small application.
How to determine if a Google Chrome extension is safe or not
Did the reviewers copy and paste the comment? It is possible, but it was not in this case. The extension had multiple reviews that used the same comments over and over again. In fact, there was more than one review left by the same user. Is it possible that the extension has kidnapped the user to publish these reviews? Or were they paid?
Regardless of this, it is recommended to avoid such extensions to be on the safe side. It may be a good idea to verify if the developer has commented on any of the opinions of the users. You should also go to the following pages.
Look for similar extensions and be careful with clones
Many times, malicious users clone pages by placing screenshots of the original applications. In this way, they manage to download an extension. This is alarming. The worst part is that an original add-in or extension had a size of approximately 2.15 MB. While the clone was approximately 4.26 MB.
If the page is a clone, what is the extra size for? That is scary. Therefore, search the Web Store with similar keywords, or the name of the extension. Check the results. Also, look at the date of publication of the complement, the oldest is obviously the original.
Again, if you know JavaScript, you could analyze the code to discover why the clone has a size that is almost twice the size of an original add-on. It could be something as simple as an uncompressed image that is used as a logo. Or some additional code that can be used for malicious or invasive practices.
Open Source
If the extension is open source, it is likely to be secure. But you should not take this for granted. You should go to the page where the source code is published to see if it really exists. Also, you should check when the last confirmation was made on the source code page.
If the extension was recently updated, but the source code was not updated, the extension may no longer be open source and possibly open to privacy and security issues.
Search in social networks
You can try searching Google for the name of the extension to see if users posted problems, recommendations or reviews on social networks. This gives you an idea of the actual use of the extension. If you encounter suspicious extensions, do yourself and everyone a favor and report it to Google.
Some tips we mention here are not necessarily restricted to Chrome extensions when downloading. But they also apply to extensions of other browsers such as Firefox.