Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to determine if a Google Chrome extension is safe
#1
Lightbulb 
Quote:
[Image: Google-Chrome-extension-reviews.jpg]

When it comes to online security, you can never be too careful; this guide isn't about antivirus programs, firewalls or VPNs though, as it is about Chrome extensions.

Just because an extension is on the Chrome web store doesn't mean it is safe to use. There have been many cases of malicious add-ons which have been taken down in the past after they were installed by millions of Chrome users in some cases.

Note: The guide provides additional information on checking whether Chrome extensions are (likely) safe to use. You can check out Martin's guide on verifying Chrome extensions, and there especially the part on looking at the source.

How to determine if a Google Chrome extension is safe

We will focus on steps that you may undertake before installing extensions. It is often easier to determine if an extension is shady or outright malicious if you have installed it as it may be the cause for visible unwanted changes or activity such as hijacking search engines, displaying advertisement or popups, or showing other behavior that was not mentioned in the extension's description.

Users who known JavaScript may also check the source of the extension. Check out Martin's guide linked above for information on how to do that.

Web Store page

Analyze the extension's listing and see if it rings some alarm bells. Broken grammar or English may be seen as warning signs but since developers from all over the world publish extensions on the Store, some may be written by non-English natives. Bad grammar or spelling mistakes may not be used as an indicator. Irrelevant screenshots or very odd descriptions, on the other hand are all tell-tale signs of a malicious extension. These are quite rare though.

Logos

Malware developers resort to all sorts of tricks to infect users, and one of these is to use the logo (icon) of popular brands or applications. Sometimes, people get fooled by these and think it's from the company which makes the actual software. Pay attention to the developer name and click on it to see their other extensions.

Developer's Website and Contact

Does the extension have its own web page? Visit it to learn more about it and maybe something about the developer. We recommend using a content blocker when visiting these sites to avoid issues if the site is specifically prepared to attack decvices.

Not all extensions have a web page, but most do, at least for support requests/FAQs. Is there a contact option on the Chrome web store page which lets you email the developer? If there is one it's a good sign, but an absence of one doesn't mean it's a fake extension.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06
FastCopy 5.7.5
FastCopy 5.7.5: ...harlan4096 — 10:04

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>