#TechBytes: A guide to using Google Chrome extensions safely
With nearly 60% of market share across all platforms as of June 2018, Google Chrome sits on the throne of internet browsers. Apart from offering a clean, fast, and secure experience, what makes Chrome stand out is the sheer number of utility-enhancing extensions it offers. However, there exist malicious extensions which can be a threat to security. Here's a guide to safely using extensions.
Back-to-basics: What exactly is a Chrome extension?
Security protocols: Scanning and layered permission systems
Firstly, Google scans every extension submitted to the Chrome Web Store, but sometimes malicious ones slip through the net. Additionally, Chrome does have a layered permission system regulating what information an extension has access to, but that's only effective in the hands of a vigilant user - nothing can be done if you approve all permissions without weighing the consequences.
Despite security protocols, there remain potential threats
Since Chrome extensions reside within the browser, they could potentially have access to a lot of information such as websites visited, details entered on forms etc. While extant security protocols offer some sort of protection against malicious extensions, they're not water-tight, and hence requires vigilance from users, both before, and after installation. Further, while threats cannot be completely eliminated, you can minimize risks.
General guidelines to avoid security breaches
A general rule of thumb is that you should install only the extensions you really need - the more extensions you have, the greater the chances of a security breach. Also, it's imperative you stick only to extensions available on the Chrome Web Store, and avoid using unvetted, third-party extensions. If you have such third-party extensions, uninstall them and get alternatives from Chrome's store.
Ensure there are no mistakes on your part
Check official websites, avoid unpopular and seemingly popular extensions
While not all extensions have official websites, and seemingly official websites can also be created by malicious actors, it's still a good idea to visit official websites, when available, to try and ascertain the authenticity of an extension. Additionally, it's a good idea to avoid extensions with very few users, or extensions which have seemingly perfect, yet unjustified and unsubstantiated reviews.
Review permissions, check the extension codes if you're capable
If you're even slightly tech savvy, it's strongly advisable to go through an extension's required permissions before installing it - always tally permissions with an extension's description. For instance, a screen-capturing extensions shouldn't be asking permission to access your contacts. Finally, if you possess the requisite skill set and have time, you can check the extension's code for signs of malicious intent.