A new report from Reuters says that security researchers discovered that malicious Chrome extensions have been downloaded as many as 32 million times, and that the extensions siphoned off user web history and login credentials. That information was then sent to hackers through a variety of websites.
The researchers, from a firm called Awake Security, provided the information to Google, which removed 70 related extensions from the Chrome Store. The news, however, points out the difficulty in keeping our information safe online, and the balance between convenience and security.
Google Chrome is the browser of choice for hundreds of millions of computers. According to estimates, almost 70 percent of people use Chrome to navigate the web. We'll set aside, for a moment, that Chrome is generally slow and taxes the resources on your computer in way that drains your battery and gobbles up memory. People choose it anyway, largely because of the functionality it provides though features like extensions.
The problem is that those extensions often have far more access to what you do online than you might expect. As a result, they're a common tool of hackers and online scammers, as is this latest case.
Scammers have long used Chrome extensions to launch pop up ads, or to install malicious code on an unsuspecting users' computer. When you grant permission to those extensions to access your web history, that means that you are exposing everything you do online to a third party. It might be worth reconsidering whether you're okay with that before you click.
In fact, I suggest asking yourself the following four questions before installing any Chrome extension.
Do you need the extension?
If the extension promises to find you coupon codes online, you probably don't really need it. The same is true with extensions that say they are for converting files. That's a feature you can easily do on most computers, so you don't need an extension for that. Sure, there are convenient extensions that make online tasks easier, but be sure it's something that actually adds a real benefit. And if sounds too good to be true, it's probably very, very bad.
Do you trust the developer?
In this case, it appears the developers used fake information to publish their extensions within the Chrome Store. Before installing any extension, check to see where it came from. Have you ever heard of the company before? If not, it might worth avoiding the extension altogether, or at least doing a little research in advance.
Can you limit the permissions?
When you install an extension, many request permission to do various things with your information. Pay attention to exactly what the extension will be able to do, and what information it can access. If something doesn't seem right, or if an extension that says it will help you convert files wants access to your web browsing history, it's probably not worth it.
Should you use an alternative browser?
Honestly, I think there's no good reason to use Chrome. I don't even have it on my MacBook Pro (I had to download it just to get that screenshot above). If you really just like the interface, check out Brave, which is built on the same browser engine, but has far better ad-tracking protection. It's the browser I use on a daily basis, along with Safari. Both browsers prevent third-party cookies, which track your activity across the web, and help prevent device fingerprinting. They also happen to be much faster than Chrome, in my experience.