Make sure you really need the extension
This one is not about the extension you intend to install but rather proper security hygiene. Every functionality that you add to your system will increase your possible attack surface. There are a lot of cool and funny things out there but if you don’t really need it don’t install it.
Create a dummy Chrome profile to check out possible extensions first
If you are like me, you can’t always adhere to the previous rule. Checking new software is not only fun but may be part of your day-to-day work. After all, how would you know if a Chrome extension will help you increase your productivity without installing it? Creating a new dummy Chrome profile for testing purposes is a reasonable precaution that can help prevent a lot of tears. Separate your real business browser, where you have all your accounts open, from the testing profile and you have added an additional layer of security.
Never install an extension from outside of the Chrome Web Store
Google has already enforced this policy for Chrome extensions that are published after June 12th, 2018. But if you have previously installed an extension from somewhere outside of Chrome Web Store uninstall it now and look for an official alternative on Chrome Web Store.
Google says that by September 12, it will disable this functionality for existing extensions. Regardless of where you click for installing an extension, you will be led to Chrome Web Store and that is a good thing. According to Google, the inline install API that is necessary for installing extensions outside Chrome Web Store will be removed from Chrome 71 altogether in early December 2018.
Google says that the descriptions and feature lists in the Chrome Web Store are vital to help users make informed decisions on whether or not they really need a particular extension.
Please note that developers will still be able to locally install their extensions for testing by enabling developer mode.
Make sure you are installing the right extension
This may sound too easy but it isn’t. Earlier this year AdGuard, a company that offers ad blocking products, revealed a list of five malicious Chrome extensions that in all had compromised over 20 million users. Here’s the list of the malicious extensions:
- AdRemover for Google Chrome™ (10M+ users)
- uBlock Plus (8M+ users)
- Adblock Pro (2M+ users)
- HD for YouTube™ (400K+ users)
- Webutation (30K+ users)
Now have a look at the following list of legitimate extensions:
- AdBlock (10M+ users)
- Adblock Plus (10M+ users)
- AdBlocker Ultimate(750K+ users)
- uBlock (500K+ users)
- uBlock Origin (10M+ users)
- uBlock Plus Adblocker (800K+ users)
- And many, many more…
As you can see, it’s really important to make sure you install the extension you intend to install. It is really difficult to tell the first list from the second. Don’t rely on something you vaguely remember. bdtechtalks.com