Chrome add-ons can enhance your browsing experience, enabling you to do everything from modifying the appearance of websites to receiving tailored suggestions when planning a trip. However, like any software, add-ons can also pose risks.
That’s why we have a dedicated team committed to ensuring your safety while installing and utilizing Chrome add-ons. Our team:
- Delivers a personalized overview of the add-ons you’ve integrated
- Evaluates add-ons before they’re released on the Chrome Web Store
- Constantly surveils add-ons after they’ve been published
A summary of your add-ons
At the top of the add-ons page (chrome://extensions), you’ll be alerted to any add-ons you’ve installed that may pose security concerns. (If you don’t see a notification panel, you likely don’t have any concerning add-ons.) The panel includes:
- Add-ons suspected of containing malware
- Add-ons that violate Chrome Web Store regulations
- Add-ons that have been unpublished by a developer, indicating lack of support
- Add-ons not sourced from the Chrome Web Store
- Add-ons that haven’t disclosed their data usage and privacy practices
You’ll receive alerts when Chrome’s Safety Check makes recommendations for you, or you can initiate a check yourself by typing “run safety check” in Chrome’s address bar and selecting the corresponding prompt: “Navigate to Chrome safety check.”
Illustration showing the process of removing extensions highlighted by Safety Check.
In addition to Safety Check, there are various ways to directly access the extensions page:
- Access chrome://extensions
- Click the puzzle icon and select “Manage extensions”
- Click the More choices menu and opt for menu > Extensions > Manage Extensions
Assessing add-ons before release
Before an add-on is available for installation from the Chrome Web Store, we conduct two verification stages to ensure its safety:
- Automated assessment: Each add-on undergoes scrutiny by our machine-learning systems to identify potential violations or suspicious activities.
- Manual assessment: Subsequently, a team member inspects the images, descriptions, and public policies of each add-on. Based on both the automated and manual assessments, we may conduct a more detailed review of the code.
This assessment process filters out the vast majority of problematic add-ons before they are published. In 2024, fewer than 1% of all installations from the Chrome Web Store were found to contain malware. While we’re proud of this achievement, a few malicious add-ons can still slip through, which is why we also keep an eye on published add-ons.
Monitoring published extensions
The same Chrome team responsible for reviewing pre-release add-ons also oversees already published add-ons on the Chrome Web Store. Similar to the pre-release check, this monitoring encompasses both human and machine evaluations. We also collaborate with reputable security researchers external to Google and even incentivize researchers who report potential threats to Chrome users through our Developer Data Protection Rewards Program.
Concerning add-ons that receive updates over time or are programmed to execute malicious code in the future? Our systems actively observe this by periodically checking the real activities of add-ons and comparing them to the objectives declared by each add-on in the Chrome Web Store.
If a severe risk to Chrome users is identified by the team, the add-on is promptly removed from the Chrome Web Store and disabled on all browsers where it is installed.
The extensions page reflects when you have a potentially unsafe add-on downloaded
Additional actions to enhance your safety
Evaluate new add-ons before installation
The Chrome Web Store offers valuable insights about each add-on and its developer. The following details can aid in determining the safety of an add-on:
- Verified and featured badges are granted by the Chrome team to add-ons adhering to our technical standards and achieving a high level of user experience and design
- Ratings and reviews from users
- Information about the developer
- Privacy policies, including data-handling practices of an add-on
Exercise caution with websites that attempt to prompt quick installations of add-ons, particularly if the site has little relevance to the add-on.
Reassess add-ons already installed
Despite Safety Check and your Extensions page (chrome://extensions) warning about add-ons posing risks, it’s advisable to periodically review your installed add-ons.
- Uninstall add-ons no longer in use
- Review an add-on’s description in the Chrome Web Store, taking into account the add-on’s ratings, reviews, and privacy policies—reviews can fluctuate over time.
- Compare an add-on’s stated objectives with 1) the permissions sought by the add-on and 2) the privacy policies disclosed by the add-on. If requested permissions do not align with stated objectives, consider uninstalling the add-on.
- Restrict the sites an add-on has permission to operate on.
Activate Enhanced Protection
The Enhanced Protection mode of Safe Browsing is Chrome’s highest level of defense offered. This mode not only provides superior defenses against phishing and malware but also includes extra features tailored to safeguard against potentially harmful add-ons. As threats continually evolve, Safe Browsing’s Enhanced Protection mode stands as the most advanced security feature set in Chrome. This can be toggled on from the Safe Browsing settings page in Chrome (chrome://settings/security) by selecting “Enhanced.”
About Author
