Chrome add-ons can enhance your browsing experience, enabling you to accomplish tasks ranging from modifying the appearance of websites to receiving tailored recommendations for your vacation planning. However, like all software, add-ons can also pose security risks.
To address this, we have a team dedicated to safeguarding your security while you install and utilize Chrome add-ons. Our team:
- Offers you a customized overview of the add-ons you’ve integrated
- Evaluates add-ons before they are released on the Chrome Web Store
- Consistently monitors add-ons post-release
Summarizing Your Add-Ons
The top section of the add-ons page (chrome://add-ons) notifies you about any add-ons you have installed which may present security threats. (If there is no warning panel visible, it indicates that you likely have no concerning add-ons installed.) The warning panel includes:
- Add-ons suspected of containing malware
- Add-ons that violate Chrome Web Store policies
- Add-ons that have been removed by a developer, possibly indicating lack of support for an add-on
- Add-ons not sourced from the Chrome Web Store
- Add-ons that have not disclosed their data usage practices and other privacy policies
You will receive notifications when Chrome’s Safety Check has recommendations for you, or you can manually check by running Safety Check. Simply type “run safety check” in Chrome’s address bar and choose the corresponding shortcut: “Go to Chrome safety check.”
Illustration of removing add-ons identified by Safety Check.
Apart from the Safety Check, you can directly access the add-ons page through various methods:
- Go to chrome://add-ons
- Click on the puzzle icon and select “Manage Add-ons”
- Click on the More choices menu and navigate to menu > Add-ons > Manage Add-ons
Evaluating Add-Ons Before Release
Prior to an add-on being available for installation from the Chrome Web Store, we conduct two levels of verification to ensure its safety:
- An automated assessment: Each add-on is analyzed by our machine-learning systems to detect potential violations or suspicious activities.
- A manual evaluation: Subsequently, a team member assesses the images, descriptions, and public policies of each add-on. Depending on the outcomes of both the automated and manual reviews, a more extensive evaluation of the code may be conducted.
This evaluation process filters out the vast majority of malicious add-ons before they are published. In 2024, less than 1% of all downloads from the Chrome Web Store were identified to contain malware. While we are proud of this achievement, some harmful add-ons still manage to slip through, prompting us to also monitor published add-ons.
Monitoring Published Add-Ons
The same Chrome team responsible for reviewing add-ons before publication also scrutinizes those already available on the Chrome Web Store. Similar to the pre-release check, this monitoring involves both human and machine evaluations. Additionally, we collaborate closely with reputable security researchers external to Google, and even reward researchers who report potential threats to Chrome users through our Developer Data Protection Rewards Program.
Concerning add-ons that receive updates over time, or are programmed to execute harmful operations at a later date, our systems track and compare the actual behavior of add-ons against their stated purposes outlined in the Chrome Web Store.
Should the team identify an add-on as posing a significant risk to Chrome users, it is promptly delisted from the Chrome Web Store and disabled on all browsers where it is installed.
The add-ons page warns about potentially unsafe downloaded add-ons
Additional Measures for Ensuring Safety
Assessing New Add-Ons Before Installation
The Chrome Web Store provides valuable information about each add-on and its developer. The following details can assist you in determining the safety of installing an add-on:
- Verified and featured badges are granted by the Chrome team to add-ons adhering to our technical best practices and meeting high user experience and design standards
- Ratings and reviews from other users
- Developer information
- Privacy policies, including details on how an add-on handles your data
Exercise caution when encountering websites that aggressively push you to install add-ons, especially if the website lacks relevance to the add-on.
Reviewing Installed Add-Ons
Despite Safety Check and your Add-Ons page (chrome://add-ons) flagging potential risks associated with add-ons, it is advisable to periodically review the add-ons you have installed.
- Uninstall add-ons that are no longer in use.
- Evaluate the add-on description in the Chrome Web Store, taking into account the add-on’s ratings, reviews, and privacy practices — as reviews may change over time.
- Compare an add-on’s intended functionality with 1) the permissions requested by the add-on and 2) the privacy practices disclosed by the add-on. If permission requests don’t align with stated goals, consider uninstalling the add-on.
- Restrict the domains an add-on is authorized to interact with.
Activate Advanced Protection
Safe Browsing’s Enhanced protection mode is Chrome’s highest level of defense provided. This mode not only offers top-notch safeguards against phishing and malware but additionally furnishes extra features aimed at shielding you from potentially harmful add-ons. Given that threats evolve constantly, Safe Browsing’s Enhanced protection mode stands as the ideal means to ensure you have the most cutting-edge security features in Chrome. This can be enabled from the Safe Browsing settings page in Chrome (chrome://settings/security) by selecting “Enhanced.”
About Author
