Do your Chrome Extensions a host for Malware?

If you use Google Chrome within your business, you might already be familiar with extensions. These useful tools can improve your browsing experience in many different ways, including blocking annoying ads to reducing distractions. while browsing. Extensions are incredibly popular because they can add so much functionality to your browser.

But just as you need to be careful when installing new apps on your devices, you must also be cautious when adding new extensions to your browser. That’s because they come with a risk of malware.

With Google Chrome holding about 65% of the browser market share worldwide, this popularity makes Chrome a prime target for cyber criminals. While cyber attacks sometimes exploit vulnerabilities in the browser itself, using malicious extensions containing malware is an easier way to target Chrome users.

Although Google keeps a tight watch on its Chrome Web Store, the risk is still there.

A recent report claims 280 million people installed a malware-infected Chrome extension between July 2020 and February 2023. That’s a huge number and highlights the importance of being vigilant.

Surprisingly, many malicious extensions remained available for download on the Chrome Web Store for a long time. On average, malware-filled extensions stayed up for 380 days, while those with vulnerable code were available for about 1,248 days. One particularly notorious extension was downloadable for 8 and a half years before being removed.

How can you protect yourself and your business from these malicious extensions? Here are the five steps we recommend.

External Reviews: Since checking ratings and reviews on the Chrome Web Store isn’t always reliable (many malicious extensions don’t have reviews), look for external reviews from trusted tech sites to judge whether an extension can be deemed as safe to use.

Permissions: Check permissions that are required for the extension to work and be cautious if an extension asks for more permissions than it should. If a new extension requests extensive access to your data or system, this could be a red flag.

Security Software: Use robust software to catch malware before it can do any harm. This is your last line of defence if a malicious extension manages to get installed.

Requirements: Do you really need the extension to be installed? Before installing any new software or browser extensions, consider whether you really need it.

Trusted Sources: Most malware-ridden extensions come from sources that aren't trusted or from known providers. If you are only installing extensions from trusted sources or well-known software providers this will significantly reduce the risk of downloading a harmful extension.

Due to Chrome's massive popularity, this means it will always be a target for cyber criminals. Google’s security team works hard to review every Chrome extension to ensure they are safe, but because they can't catch them all, it’s still crucial to remain vigilant.

If you’re unsure whether your extensions are safe or not, or you’d like more advice around keeping your business secure, our team can help. Get in touch.