Two recent reports offer contrasting views on the safety of Chrome browser extensions. According to Google, less than 1% of all installations include malware. In contrast, university researchers claim that over a three-year span, 280 million users installed extensions containing malware. Both figures raise concerns about the overall security of these extensions.
Let’s take a close look at the details.
Also read: Security bug enables impersonation of Microsoft employee emails: All you need to know
Google’s assertion that “less than 1% of all installs from the Chrome Web Store include malware” might not be as reassuring as intended due to recent findings by researchers from Stanford University and the CISPA Helmholtz Center for Information Security, reports Forbes.
The study underscores a significant concern regarding security-noteworthy Chrome browser extensions. Between July 2020 and February 2023, over 346 million users installed such extensions.
Even after subtracting 63 million policy violations and three million with vulnerable code, the researchers estimate that there were still 280 million installs of Chrome extensions containing malware.
Also read: SnailLoad: New security loophole that enables spying on internet users
Google recommends several proactive measures for Chrome users to minimise the risks associated with malicious extensions:
1. Review Before Installing: Before installing any new extension, thoroughly read the information provided about the extension and its developer. This step helps in understanding its functionality and assessing potential risks.
2. Uninstall Unused Extensions: Regularly review and uninstall extensions that are no longer in use. Unused extensions can still pose security risks if not updated or monitored.
3. Limit Permissions: Restrict the permissions granted to extensions by limiting the sites where they can operate. This reduces the potential attack surface and limits the impact of any compromised extension.
4. Enable Enhanced Protection Mode: Activate Chrome’s Enhanced Protection mode within the Safe Browsing settings. This mode enhances security by providing protections against phishing attempts, malware, and specifically targets potentially harmful extensions.