Extensions are essential when using a browser. Thanks to them we can improve the functionality of the browser, such as Chrome, and have features and functions that are not available by default. We cannot deny that these extensions are very useful. But they are also very dangerous and, if we are not careful, we can end up with a virus-infected PC.
Hackers are aware of the popularity and usefulness of extensions and how easy it is to trick the user into installing them. Luckily, there are several ways to avoid taking unnecessary risks when installing and using extensions in your browser. Next, we will see some of the most important.
Review extension permissions
The first thing to do is read the permissions of each add-on or extension carefully before installing them in the browser. This is something that we don’t usually even look at, accepting the conditions automatically, which is clearly a mistake. However, with this first step we make sure that one of these elements does not carry out unwanted activities on the device.
These permissions work more or less the same as Android app permissions, in that they define what the extension can or cannot do. And, thus, it is easy to raise suspicions. It is true that it can be a somewhat boring task, but in many cases we will appreciate it in the future.
The permissions review does not only apply to extensions that we get from external sources (such as GitHub) and install by hand, but we should also keep an eye on the addons that we download from the Chrome Store, since we can often find malware in them as well. she.
Also, if after updating an extension suddenly asks for a new set of permissions, we should be suspicious. And it is that it is possible that it has been pirated or sold to a third party and is planning to do mischief on the PC. And, therefore, we will need to remove it as soon as possible.
Beware of website extensions
Another technique widely used by hackers to endanger our security and privacy is to offer us the possibility of installing several extensions at the same time from the same website. Even, to gain trust, it allows us to install some directly from the Chrome Store, and the others by hand. Therefore, we should avoid websites that offer multiple extensions bundled together. We say this because there are developers who use this tactic to introduce some malicious extensions into the suite without us noticing.
It tends to be common, especially on web pages that offer illegal downloads, since it is part of the hackers’ advertising campaign (they charge money for each installation). And, also, in suspicious links that we often find on social networks.
Ask questions or problems with the developer
If we install an extension, and either we don’t know how it works, or we notice suspicious behavior, we can also choose to contact the developer to explain how it works. Generally, developers who are trustworthy tend to support and help us with any problems we may have. Therefore, if this is not the case, then we must be suspicious.
Therefore, we can also send an email to the developer to ask any questions we have. Thus, if we are not satisfied, we can discard its installation, or delete it if we had already installed it.
Check the reviews (especially the negative ones)
Another tip to avoid inadvertently installing dangerous extensions is to read user comments before installing them. Within the Chrome Store itself, each extension has a reviews section, where users can help others find out what the extension does, if it works, if it has problems or, why not, if it hides malware.
With a simple glance we can find out if the extension is legit, or if we install it, it can cause us all kinds of problems. We can also do a quick Google search to see if any blogs have discussed any security issues with any extensions.
Look for the badges
Another way to ensure that a store extension is legit is to look for Google badges. When an extension meets a set of quality goals, Google rewards you with two different badges: one for “Featured” and one for “Publisher.”
The Publisher badge is awarded when developers have verified their identity and are in compliance with the Developer Program Policies. On the other hand, the Featured badge is assigned only to those extensions that follow technical best practices. They must also meet a high standard of design and user experience.
Activate the protection of Google Chrome extensions
It is possible that a hitherto legitimate extension might suddenly turn out to be a malicious extension. This is common, for example, when the original developers of an extension sell it to third parties, or when a hacker steals a developer’s account and uploads a modified version of it.
To protect us from these dangers, Chrome has a security feature that checks our browser on a regular basis so that we can detect any security issues before it’s too late. To activate this security measure, we must type the following URL in the address bar:
chrome://settings/security
Once inside, we will activate standard security or enhanced security. And, in this way, if Chrome detects any problem in the browser (for example, a malicious extension), it will automatically disable it and notify us of the problem so that we can proceed with its removal.
