How to determine if a Google Chrome extension is safe or not

When it comes to on-line safety, you’ll be able to by no means be too cautious; this information is not about antivirus applications, firewalls or VPNs although, because it is about Chrome extensions.

Just as a result of an extension is on the Chrome internet retailer does not imply it is safe to use. There have been many instances of malicious add-ons which have been taken down up to now after they have been put in by hundreds of thousands of Chrome customers in some instances.

Note: The information supplies extra info on checking whether or not Chrome extensions are (probably) safe to use. You can take a look at Martin’s guide on verifying Chrome extensions, and there particularly the half on wanting on the supply.

How to determine if a Google Chrome extension is safe

Google Chrome extension reviews

We will give attention to steps that you could be undertake earlier than putting in extensions. It is typically simpler to determine if an extension is shady or outright malicious if you’ve got put in it as it could be the trigger for seen undesirable modifications or exercise corresponding to hijacking serps, displaying commercial or popups, or exhibiting different habits that was not talked about within the extension’s description.

Users who recognized JavaScript can also examine the supply of the extension. Check out Martin’s information linked above for info on how to try this.

Web Store web page

Analyze the extension’s itemizing and see if it rings some alarm bells. Broken grammar or English could also be seen as warning indicators however since builders from everywhere in the world publish extensions on the Store, some could also be written by non-English natives. Bad grammar or spelling errors could not be used as an indicator. Irrelevant screenshots or very odd descriptions, alternatively are all tell-tale indicators of a malicious extension. These are fairly uncommon although.


Malware builders resort to all types of tips to infect customers, and one in all these is to use the brand (icon) of common manufacturers or purposes. Sometimes, folks get fooled by these and suppose it is from the corporate which makes the precise software program. Pay consideration to the developer title and click on on it to see their different extensions.

Developer’s Website and Contact

Does the extension have its personal internet web page? Visit it to be taught extra about it and possibly one thing concerning the developer. We advocate utilizing a content material blocker when visiting these websites to keep away from points if the location is particularly ready to assault decvices.

Not all extensions have a internet web page, however most do, at the very least for assist requests/FAQs.  Is there a contact choice on the Chrome internet retailer web page which helps you to electronic mail the developer? If there is one it is a good signal, however an absence of 1 does not imply it is a pretend extension.

Google Chrome extension developer website

Privacy Policy

This is maybe probably the most missed one? Who reads the privateness coverage? You ought to, as a result of in contrast to web site registrations or software program agreements, you are not proven the privateness coverage for an extension once you set up it. But it could exist as a loophole for the developer to get out of a authorized dispute, ought to one come up. You settle for the coverage the second you put in the extension.

Use Control + F and seek for phrases like information, acquire, observe, private, and so on, in privateness insurance policies. Your browser ought to spotlight the sentences which include the phrase and it is best to learn what it says.

If the coverage is upfront concerning the information they acquire, take into consideration if it is value utilizing the extension at the price of privateness. I am going to offer you a trace: It’s by no means acceptable.

Obviously, builders and corporations with ill-intent could add no matter they like to the privateness coverage.


When you click on the set up button, learn the pop-up which lists the permissions the extension requires. Permissions could give essential clues; an add-on for a visible enhancement (like a theme) should not require permissions like “Communicate with cooperating web sites”. That means it may very well be sending information, your private information, to some server.

Google Chrome extension permissions


These are huge crimson flags if you know the way to determine legit ones. Does an extension have critiques? Are all of them 5-star critiques? That’s suspicious. Look on the publishing date of every overview. If you discover that they have been all posted on the identical day it could be fishy. Look on the textual content as nicely, if they give the impression of being extra or much less the identical, or if the usernames solely include random characters, alarm bells ought to go off and it is best to look deeper.

Take a take a look at the screenshot right here. What do you see?

How to determine if a Google Chrome extension is safe or not

Did the reviewers copy/pasted the remark? It’s attainable, however it wasn’t on this case. The extension had a number of critiques which used the identical feedback again and again. In truth, there was multiple overview left by the identical person. Is it attainable the extension has hijacked the person to submit these critiques? Or have been they paid for? Regardless of this, I might advocate avoiding such extensions to be on the safe facet.

It could also be a good concept to examine whether or not the developer has commented on any of the person critiques. Go over the subsequent few pages.

Search for comparable extensions, be careful for the clones

The screenshot which you noticed above is really not from the unique extension. I wager you were not anticipating that? It was from a clone of one other extension which had a comparable title, similar options, barely completely different description, an equivalent privateness coverage.

It was alarming. The worst half was that the unique add-on was about 2.15 MB in dimension whereas the clone was about four.26 MB. If it was a clone, what’s the additional dimension for? That is scary. So search the online retailer utilizing comparable key phrases  (or the title of the extension), take a look at the outcomes. Look on the add-on’s revealed date, the older one is clearly the unique.

Again, if you recognized JavaScript, you may analyze the code to discover out why the clone has a dimension that is practically double the scale of the unique. It may very well be one thing so simple as an uncompressed picture that is used as a brand or extra code which may be used for malicious or invasive practices.

Open Source

If the extension is open supply, it is probably that it may very well be safe. But I would not take it without any consideration. You ought to go to the web page the place the supply code is revealed to see if it really exists. You also needs to examine when the final commit was made on the supply code web page. If the extension was up to date just lately, however the supply code wasn’t, the extension could not be open supply and presumably open to privateness and safety points.

Search throughout Social networks

You might attempt Googling for the extension’s title to see whether or not any points, suggestions or critiques have been posted by customers on social networks. This offers you an concept of real-world utilization of the extension.

If you do come throughout suspicious extensions, do your self and everybody a favor, and report it to Google.

Some tips I discussed right here aren’t essentially restricted to Chrome extensions, they apply to extensions for different browsers corresponding to Firefox as nicely.

Check Also

How to identify fonts on any webpage without using an extension in Firefox and Chrome

Webpages include a number of visible parts, regardless that we could not usually discover them. …

Leave a Reply

Your email address will not be published. Required fields are marked *