How to avoid dangerous Chrome extensions

Patrick Devaney


If you use Google Chrome on a Microsoft PC or Apple Mac, it is over 99% certain that you’ve installed and used at least one Chrome extension. Chrome extensions are those magical little add-ons that can perform all manner of tasks, from simply blocking ads to checking your passwords against databases of known hacked passwords and websites. So far, so good.

It isn’t all sunshine, lollipops, and rainbows with Chrome browser extensions, however, because just like with every other type of digital program or service, hackers and cyber-criminals target Chrome extension users too. Not all Chrome extensions are safe: possible risks include being lured into phishing scams and fake web pages, having your data stolen, or even ending up on the wrong end of a ransomware demand. This means it is important to know how to avoid dangerous Chrome extensions.


This is how to avoid malicious extensions on Google Chrome

Much like with apps from the Google Play Store, there are a number of steps you can take to make sure the Chrome extensions you’re downloading are safe. Google does have a verification system for the Chrome Web Store like it does for the Play Store, but sometimes fake extensions get through. Fortunately, however, as the Chrome Web Store and the Play Store are quite similar, there are lessons we can learn on one and apply on the other.

Only download extensions from the official Chrome Web Store

Although fake extensions do find their way onto the Store, there are many reasons why it should be the only place you go to download extensions. The way the store is set up forces developers to share information about themselves and also gives other users the chance to comment on the validity of the extension you’re thinking of downloading. If you download an extension from somewhere else, not only are you massively increasing the likelihood of downloading something malicious straight off the bat, you’re also denying yourself the chance to run through all the verification steps we’ll outline below.

Check the developer

The developer of any extension will have to post their name next to it. This will also link to any other extensions they might have made. If you have doubts about a certain extension or if it is promising something that is too good to be true, check the developer. If the developer doesn’t have any other Chrome extensions on the Web Store, this should set alarm bells ringing. If the developer does have other extensions, check them out. You should do this for well-known extensions as well, since there are many fake extensions on the Web Store.

Read reviews

Read the reviews for the extension you’re thinking of downloading, but also look at reviews for any other Chrome plugins the extension’s developer has made. User reviews offer an invaluable resource to any security-conscious individual. If you see things like “Didn’t do what it was supposed to…” or “This is a virus…” then you know to stay away. Generally, reliable extensions will have ratings of 3.5 stars or above across many hundreds or sometimes even thousands of reviews.

Check out the permissions

Small print is a massive hole in our online security. More often than you’d think, we give cyber-criminals the permission they need to access all the information they’re after. In fact, many fake extensions end up in the Chrome Web Store with the sole mission of getting users to grant all sorts of crazy permissions. When you’re downloading a Chrome extension, look at the permissions it is asking for. If it is asking for permissions that don’t really fit the task it is supposed to carry out, think twice about installing it.
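The permission check described above can also be run against an extension's manifest.json, the file where those permissions are declared. This is an added example, not part of the original article: the sample manifest is constructed, "Example Colour Picker" is a hypothetical extension, and the list of permissions treated as broad is a selection chosen for illustration.

```python
import json

# Broad permissions and what they allow (real Chrome manifest permission names;
# which ones to treat as broad is this example's own choice).
BROAD_PERMISSIONS = {
    "tabs": "see the address and title of every open tab",
    "history": "read your browsing history",
    "cookies": "read and change site cookies",
    "webRequest": "observe your network requests",
    "management": "manage your other extensions",
    "nativeMessaging": "talk to programs on your computer",
}
# Host match patterns that cover every website.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def requested_access(manifest):
    """Collect everything the manifest asks for (Manifest V2 and V3 keys)."""
    asked = set()
    for key in ("permissions", "host_permissions"):
        asked.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        asked.update(script.get("matches", []))
    return asked

def audit(manifest, expected):
    """Return (permission, reason) pairs that are broad and not expected for the task."""
    findings = []
    for perm in sorted(requested_access(manifest) - set(expected)):
        if perm in ALL_SITES:
            findings.append((perm, "read and change data on every website"))
        elif perm in BROAD_PERMISSIONS:
            findings.append((perm, BROAD_PERMISSIONS[perm]))
    return findings

# Constructed sample: manifest.json of a hypothetical colour-picker extension.
SAMPLE_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "Example Colour Picker",
  "permissions": ["activeTab", "storage", "cookies", "history"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["pick.js"]}]
}
""")

if __name__ == "__main__":
    # Assumption: a colour picker only needs the current tab and local storage.
    for perm, reason in audit(SAMPLE_MANIFEST, expected={"activeTab", "storage"}):
        print(f"{perm}: can {reason}")
```

The `expected` set is your own judgement of what the extension's task needs; anything broad outside it is what the article means by permissions that don't fit the task.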

Regularly check your extensions are working normally

Developers sell Chrome extensions all the time. This means that the extension you installed, loved, and forgot about years ago may now belong to somebody else. Normally, when an extension is sold it is for monetization purposes. Basically, people buy extensions that have a lot of users and then turn them into adware. To stop yourself falling victim to this, check your extensions. You should also check the most recent reviews, as these will be most likely to reflect any major changes that will have occurred since you first installed the extension.

Do you really need the extension?

The other thing about extensions is that they’re very easy to install. This means you may have installed many extensions you don’t actually need. When you’re about to install a new Chrome extension, pause to think about whether you actually need it. If you’re convinced you do, then run through the checks outlined above and, if it passes, install it.

Delete unused extensions on Chrome

This isn’t to say you can’t download extensions for a bit of fun. As long as you’ve checked an extension, you can download it for whatever reason you wish. The key thing to remember here is that, due to the previous point, having extensions that you don’t actually use installed on your Chrome browser leaves you open to potential exploitation. Download and use the extensions you need, but if you have any you never use, get rid of them.

Wrapping up

So, there you have it. Chrome extensions are vulnerable to exploitation just like everything else that we can download and install onto our devices. Fortunately, however, if you stick to downloading and installing your Chrome extensions from official channels, there are plenty of ways you can verify the validity of the extensions you’re considering downloading. This means that the first and most important step to avoid dangerous Chrome extensions is to only ever download them from the Chrome Web Store. If you do that, you’ll always have a few simple steps to carry out to keep yourself safe online.

Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.
