How to Secure Extensions You Use?

[always_forever]

Recently came across the article at the following link:

https://cybernews.com/security/chrome-extensions-see-everything-cybersecurity-expert/

This has me wondering - how to best secure the extensions you need and use in Chrome?

I use mostly extensions related to security such as uBlock origin, Malwarebytes Browser Guard, and Kaspersky Protection. However, there are a couple for productivity (such as Grammarly) that I rely on for work and can't really uninstall.

Is there much you can do beyond restricting site access? Is this advisable when possible?

Is it a risk to allow them in Incognito mode?

Is there perhaps another extension that allows more granular control of the other extensions?

This article is concerning to me as it suggests using no extensions but I'm not sure that's possible. In that event, what are the best practices?

Any insight is appreciated!

 

[Marko :)]

Best ways to keep your browsing safe from malicious extensions are:

1. only use open source extensions
2. before installing, check privacy policy and permissions extension requires
3. never install extensions with small number of installs, bad rating and/or coming from questionable sources
4. never allow extensions you don't trust access to incognito tabs

I have nine extensions installed and only two of them have access to incognito tabs: uBlock Origin & Violentmonkey. First one is, obviously, to block ads and second one is for removing annoying Google/YouTube cookie prompts.

 

[always_forever]

Best ways to keep your browsing safe from malicious extensions are:

1. only use open source extensions
2. before installing, check privacy policy and permissions extension requires
3. never install extensions with small number of installs, bad rating and/or coming from questionable sources
4. never allow extensions you don't trust access to incognito tabs

I have nine extensions installed and only two of them have access to incognito tabs: uBlock Origin & Violentmonkey. First one is, obviously, to block ads and second one is for removing annoying Google/YouTube cookie prompts.

Thanks for the insightful response including best practices. I do these things and am in a position where I have to use some extensions.

Do you think the article is overstating the threat? It seems particularly concerning that they can steal login credentials and potentially access local files.

Beyond the practices above, can you think of any steps one might take to mitigate such risks with extensions? I do have AV and use Voodoo Shield as well as Hard Configurator. Not sure what else I can do beyond making sure Chrome and the extensions are updated.

Any further thoughts are appreciated!

 

[Marko :)]

If you only use thrustworthy extensions, you really have nothing to worry about. In general, I do agree with the article to some degree. The less extensions in the browser, the better–I'm installing extensions with this thought in my head. Increased number of extensions, not only could lower your security, but also slows down browser drastically.

As I said, try to use only open source extensions, which have code publicly available on the internet; then you are safe. I'd stay away from closed source extensions though. It's common practice that they collect all kinds of data.