![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/07\/creepy-potentially-dangerous-Google-Chrome-extensions-600x300-1.jpg\")
<\/p>\n<\/p>\n
For decades, popular Web browsers have offered the ability to extend their capabilities through the use of third-party extensions.<\/p>\n
Today, Google Chrome is the most popular desktop browser on the planet, with a roughly 65% market share<\/a>. Microsoft Edge is the number-two browser, with a 13% market share, and it’s also based on Chromium\u2014the open-source version of Chrome. These and other Chromium-based browsers support extensions from Google’s Chrome Web Store<\/a>.<\/p>\n Google would have you believe that Chrome extensions are, by and large, extremely safe. On June 20, the Chrome Security Team wrote<\/a> on the Google Security Blog, that “In 2024, less than 1% of all installs from the Chrome Web Store were found to include malware<\/strong>,” noting “We’re proud of this record.”<\/p>\n It seems odd to be “proud” that close to 1 in every 100 extension installs from their store contains malware. Imagine a doctor bragging to patients, “Only 1 in 100 patients gets sick as a result of visiting our office!” That’s an alarming failure rate.<\/p>\n Also concerning is that Google’s claim presumably* didn’t even take into consideration an August 6 report<\/a> about “at least 300,000 users across Google Chrome and Microsoft Edge” who had unknowingly installed extensions from a specific malware campaign over the past three years. (*The exact timeline of communication between the researchers and Google is unclear.)<\/p>\n Two days before the Google blog post, researchers from Stanford University published a study<\/a> examining the safety of extensions in the Chrome Web Store (CWS). Most of their sample data was collected through May 2023. But the results may reflect a somewhat similar situation to today’s Chrome Web Store\u2014and they’re shocking.<\/p>\n The researchers defined “security-noteworthy extensions” (SNE)<\/strong> as malware-containing, privacy-violating, or known-vulnerable extensions. And they found many of each.<\/p>\n Some of the key takeaways from the research include:<\/p>\n This research is rather stunning, to say the least. But even this research doesn’t tell the whole story of why extensions can be unsafe.<\/p>\n A little over a year ago, we reported<\/a> on the Intego Mac Podcast<\/a> about nearly three dozen browser extensions in the Chrome Web Store that contained search-hijacking code. Some of the extensions had contained this unadvertised malicious functionality for nearly two years before Wladimir Palant blogged about the problem<\/a>, and Google finally took them down. But in the mean time, those 34 extensions had amassed 87 million users.<\/p>\n I pointed out on the podcast that sometimes this sort of thing happens “when a developer stops working on an extension or app, [and] someone else comes along and offers the developer a bunch of money and says, ‘Here, I\u2019ll take over development.’ And then they start developing it and add malicious things to it.” While it’s unclear whether that may have been the case with those 34 Chrome extensions, it has certainly happened before, and will inevitably happen again<\/strong>.<\/p>\n In fact, just last August, the developer of a Chrome extension with 300,000 users spoke out about having received more than 130 solicitations to “monetize” his extension<\/a><\/strong>.<\/p>\n That’s to say nothing of overtly malicious extensions. In March 2023, we reported on a fake ChatGPT extension designed to hijack Facebook accounts<\/a>.<\/p>\n All of this speaks to the potential dangers of using any third-party browser extensions.<\/p>\n My recommendation is to avoid using any extensions at all\u2014unless you’re absolutely sure you can trust the developer.<\/strong><\/p>\n One of the most popular categories of extensions is advertisement and tracker blockers. The only ad-blocking extension that I both trust and personally use is uBlock Origin<\/a> by Raymond Hill. Wladimir Palant’s Adblock Plus<\/a> is fine, too; both developers understand browser security well. Or you can use a browser with built-in ad blocking, such as Brave<\/a>, a privacy-focused, Chromium-based browser.<\/a><\/p>\n Each week on the Intego Mac Podcast<\/strong><\/a>, Intego’s Mac security experts discuss the latest Apple news, security, and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n You can also subscribe to our e-mail newsletter<\/strong><\/a> and keep an eye here on The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Whether you use Google Chrome or another browser, think twice before you install any extensions. They might contain malware, vulnerabilities, or privacy violations\u2014even if you get them from an official extension store.<\/p>\n","protected":false},"author":14,"featured_media":101214,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[11],"tags":[4543,38,173,2389,181,4607],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\n\t\n\t\n\t\nMalware in Google’s Chrome Web Store<\/h3>\n
Extension risks go far beyond malware<\/h3>\n
\n
Good extensions can take a turn for the worse, too<\/h3>\n
Avoid installing extensions if at all possible<\/h3>\n
How can I learn more?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\")
<\/a><\/p>\n![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/X-Twitter-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/Facebook-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/YouTube-logo-icon-225.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/Pinterest-logo-icon-225.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/LinkedIn-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/Instagram-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png\" "\\"Follow")
<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"