Untangling Chrome Extensions

The Google Chrome browser typically ranks near the top of the list when it comes to security. Generally the extensions available to Chrome browsers are safe too, but they can be leveraged to infect your browser or capture your personal data. Learn more below.

All the Extensions on the Web Store have been reviewed and approved by Google, right?

Not always. In general the Web Store does have a robust vetting process, but a recent study by a security researcher uncovered a large scale campaign of malicious copycat extensions that evaded detection. These extensions, in addition to offering the same features of the legitimate versions they imitated, infected computers with malware that allowed the criminals to intercept private browsing data and expose the user to unwanted advertising pop-ups. The researcher developed a tool that detected more than 500 of these extensions, which were subsequently removed, but not before they had been downloaded thousands of times.

But they can’t just appear in my browser by themselves, can they?

It’s not always clear how some extensions appear in a user’s browser. There are multiple ways that a bad actor could trick users into installing a malicious extension. It may come as a result of downloading a file, clicking a link in an email, or performing some other everyday task that seemed harmless enough at the time.

What can users do to protect themselves?

An occasional review of your extensions is a fairly simple process, and can help you identify which extensions are currently installed.

1. Type chrome://extensions into your address bar.

2. Review all of the extensions on the list. If you don’t remember adding them for some specific purpose remove them.

3. District added extensions (with the red “institution” icon) cannot be removed by individual users.

4. If you believe that an extension was added without your permission, and/or may be a malicious extension please report it to Google by checking the box before clicking the “Remove” button.

(NOTE: The “extension” used in this example is not a real one, it was created exclusively for this demonstration.)


Have malicious extensions ever been reported by district staff?

A mysterious extension named “My Templates” appeared in the browsers of several district employees in 2017-18. This innocent sounding extension fed pop-up notifications to the users computer at random when the browser was open. These messages could appear at any time, including in the middle of a lesson when the screen was being projected. This extension was eventually identified and removed by Google.