Do you find yourself ransacking web pages in order to escape the circle of unwanted chrome alerts or add-ons which you do not remember installing? It is vehemently the most annoying aspect of web browsing. Chrome extension, basically small (optional) programs help users customize, and enhance their experience while web browsing. Chrome, which has become synonymous with the internet and enjoys the largest league of followers, also hosts, or supports, an alarming number of extensions that pose threat to your personal data.
We are not endorsing any other browser such as Microsoft Edge/Internet Explorer or Mozilla Firefox, as each may be equally vulnerable to threats from extensions. But Chrome being the most popular web browser is our focus.
When users install a browser extension, they are intrinsically installing a piece of code which runs inside the browser. It is also capable of updating at a later stage and turning into an adware or malware without users’ knowledge. Traditionally Chrome, unlike other browsers left behind, asks users for permissions to access your data on all websites and sometimes even system storage. We often overlook the security aspect while allowing Chrome Extensions to tap into our personal data and web usage habits. This makes Chrome extensions a tasty soup for hackers to intrusively push adware and malware into your system.
Chrome Extensions require permissions such as “access your tab and browsing history” for functioning properly, and while a significant bunch of helpful ones dutifully make your Chrome experience shinier (pun intended), this allows Chrome extensions to read into the background scripts, access critical information like passwords, and inject nasty ads. Mozilla will not even bother to warn you that these extensions (or plug-ins in Mozilla lingo) have access to each of your interaction with the internet.
These malicious Chrome extensions capture statistics of usage, discretely hidden under “anonymous usage statistics” and sell this data to big corporations. These then track how often you have accessed social media, secretly peak through transactions involving credit card details and what you search on google. Based on this, they create a tentative picture of what are your preference and profile you based on your internet activity. These trackers may not know how you look, but know a lot about your shopping weaknesses and your covert biases.
These extensions then use your browsing patterns to pitch in the most bizarre and absurd ads. (By bizarre and absurd I mean unfinished and ugly). These malicious advertisements, termed Malvertisments, form sticky pop-ups which populate and defecate anywhere on your web pages. The black trade prevails under Google’s nose because the regulations set by the “advertising” giant are hazy and “allow” users’ data to be tracked by the malvertising extensions. On a cynical note, Google may possibly be minting some revenue from these data miners, too. Balance sheets of Alphabet, Google’s parent company, clocked $21.5 billion in Q2 of 2016 just from advertising – a figure which was $74 million in the respective quarter of the previous year, 2015.
One such mischievous Chrome extension is HoverZoom, which lets users expand thumbnails into life-size images – just to save time, basically. They use the following description under the reverence of permissions to be able to access your data. HoverZoom claims that it earns through affiliate advertising, thus allowing them to inject ads into each and every website you visit. At the same time, they track user searches and the firm was caught tracking and selling data of whatever users typed while using Chrome. Does aforementioned “anonymous usage statistics” ring a bell now?
Extension developers receive floods of communications for selling their Chrome extensions, reports power user guide HowToGeek and this anonymous blog reports that the developer of Feedly Reader Extension was offered a four-figure sum (in USD) to sell his creation. These Chrome extensions sold off-counter are then reprogrammed to be infectious malware.
Developers are being appeased with easy money and an average user may not ever know how they are being tracked. Users aren’t notified when an extension has been updated, nor can you keep a period check on all extensions. Usually, the credibility of the extension on the Chrome store can be judged by user ratings and brand prominence. For example, you must download the Grammarly extension only uploaded by the official service provider, instead of a third-party upload. Google’s official extensions are usually more secure, but I take due caution in catching any sneaky, unwanted and out of place advertisement, and advice you to do the same. Some may even cause slowing down of your PC, so reasons must be looked into seriously.
In no way, do we recommend against installing useful extensions. They are great tools which make life on the line easier and eventful. But, getting rid of the ones you do not use is utterly necessary as well. What’s even more important is being alerted in an erratic and uncertain connected web world.