Contrasting Views on Chrome Browser Extensions Safety: Google vs. Researchers

Paige Henley
Paige Henley Editor
Paige Henley Paige Henley Editor

In a stark contrast of opinions, two new reports highlight differing perspectives on the safety of Chrome browser extensions. Google claims that less than 1% of all installs include malware, while university researchers suggest that 280 million users have installed malware-infested extensions over the past three years.

Google’s Perspective

According to Google, there are over 250,000 extensions available on the Chrome Web Store. In a blog post, Google asserted that “less than 1% of all installs from the Chrome Web Store were found to include malware.” Despite these assurances, many users remain skeptical about the overall safety of these extensions.

University Researchers’ Findings

A recent study by researchers from Stanford University and the CISPA Helmholtz Center for Information Security paints a more concerning picture. The study, published on June 18, reveals that between July 2020 and February 2023, over 346 million users installed extensions deemed security-noteworthy. After accounting for policy violations and vulnerable code, the researchers estimate that 280 million installs involved extensions containing malware.

The researchers, Sheryl Hsu, Manda Tran, and Aurore Fass, analyzed extension permissions by examining each extension’s manifest.json file. They found malicious extensions often request more permissions than benign ones, increasing the potential attack surface. Alarmingly, some malware-containing extensions remained available on the Chrome Web Store for extended periods, with one staying online from December 2013 until June 2022.

Google’s Safety Measures

In response to the study, a June 20 post on the Google Security Blog by members of the Chrome security team acknowledged that extensions could introduce risks. However, Google emphasized its efforts to protect users, including reviewing all extensions before publication, monitoring them post-publication, and providing personalized summaries of installed extensions.

Google also introduced a safety check panel on the extensions page, alerting users to potentially risky extensions. They claimed that their review process, which includes automated machine-learning systems and human reviews, effectively filters out most malicious extensions.

Recommendations for Users

To minimize the risk of installing malicious extensions, Google offers four key recommendations:

  1. Review new extensions thoroughly before installing.
  2. Uninstall extensions that are no longer in use.
  3. Limit the sites that an extension can access.
  4. Enable the Enhanced Protection mode in Chrome’s Safe Browsing feature.

These steps aim to enhance user security and ensure a safer browsing experience with Chrome extensions. However, the contrasting reports from Google and the researchers suggest that users should remain vigilant and proactive in managing their browser extensions.

About the Author

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.

Leave a Comment