Why you should avoid most Chrome extensions!

Why do these 3 extensions have full access to my Netflix account…?

Extensions can access everything!

Most of the Chrome extensions installed in your browser can read all of your browser data 😦. When you enter your credentials on confidential websites (like Gmail or your bank account), each extension can read that data just as you can. What you see 👀 and what you type ⌨️ can be read by most of your extensions.

Why do Chrome extensions have full access to my data?

It’s possible only because you accepted it ✅ (but you don’t really have a choice). Look at the screen below.

To install this extension you have to give it permission to access your clipboard and all your data on the websites you visit.
At the bottom is the information read and stored by the extension. This information is only a declaration from the publisher. You have to trust the publisher 🙏🤐. Look at “Keystroke logging”: the publisher can record your keystrokes even when you are typing your password.
Here are some extensions that ask for permission to access every website you visit…

How to recognize safe extensions?

You can find safe extensions on the Chrome Store, but it’s a little more difficult 🥴. I will help you recognize safe extensions with the example below.

Here are 4 safe extensions, safe because they ask only for what they really need

Weet case

On the top left you have Weet, a really good screencast recorder 😍. This extension asks for access to only one website, and if you look at the URL, it’s the website of the app (https://app.weet.co) ✅. That means the extension is really safe and cannot view other websites.

Zoom case

Everyone knows Zoom takes some “shortcuts” with security, but their extension is good. It asks for access to more than its own website, but if we analyze the features of the app we can understand why it needs this access:

  • zoom.com: like Weet, the extension needs to communicate with the publisher’s website. ✅
  • calendar.google.com: this extension schedules Zoom meetings, so it’s normal for Zoom to request access to your calendar. ✅
  • www.google.com and www.gstatic.com: I suppose Zoom sends some statistics to Google 🤩 but it’s still safe. ✅

Screencastify and Giphy

Screencastify, another screen recorder, asks to capture your screen, which we can consider normal for a screen recorder 😝 ✅.
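The cases above read the install dialog; the same check can be run on an extension's manifest.json. The Python script below is an added example (not code from this article or from any extension it mentions) that lists the sites an extension can reach, including `content_scripts` matches, and flags all-sites access. The two sample manifests and the `SENSITIVE` set are constructed assumptions.

```python
import json

# Permissions the article calls out (clipboard, screen capture). The selection
# is an assumption of this example, not a complete list of risky permissions.
SENSITIVE = {"clipboardRead", "desktopCapture", "tabCapture"}

def host_of(entry):
    """Host part of a match pattern, '*' for every site, None if not a host pattern."""
    if entry == "<all_urls>":
        return "*"
    if not isinstance(entry, str) or "://" not in entry:
        return None  # an API permission name such as "storage"
    return entry.split("://", 1)[1].split("/", 1)[0] or None  # file:///* has no host

def audit_manifest(manifest):
    """Summarise the site access a parsed manifest.json asks for."""
    perms = manifest.get("permissions", [])
    entries = list(manifest.get("host_permissions", []))  # Manifest V3 host list
    entries += perms                                      # Manifest V2 mixes hosts in here
    for script in manifest.get("content_scripts", []):    # injected scripts read pages too
        entries += script.get("matches", [])
    hosts = {h for h in map(host_of, entries) if h}
    return {
        "all_sites": "*" in hosts,
        "hosts": sorted(hosts - {"*"}),
        "sensitive": sorted(SENSITIVE.intersection(p for p in perms if isinstance(p, str))),
    }

# Constructed manifests (not taken from any real extension).
NARROW = json.loads("""{
  "manifest_version": 3, "name": "single-site recorder",
  "permissions": ["storage", "desktopCapture"],
  "host_permissions": ["https://app.weet.co/*"]
}""")
BROAD = json.loads("""{
  "manifest_version": 2, "name": "all-sites helper",
  "permissions": ["clipboardRead", "tabs", "*://*/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]
}""")

if __name__ == "__main__":
    for m in (NARROW, BROAD):
        print(m["name"], audit_manifest(m))
```

An extension reported with `all_sites: True` corresponds to the "every website you visit" prompt; one with a short `hosts` list can be judged host by host, as in the Zoom case.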

How can I manage that?

How to restrict extension access to my data on Chrome
Deactivate an extension in incognito mode (This is the default option) 🙈

Conclusion

Google makes some effort to prevent “malware extensions”, but without real commitment 🤷‍♂️. Most of the time, extensions ask for full permissions to avoid technical issues, because the list of available authorizations isn’t fine-grained enough.

  • If I want to develop a video downloader extension: I would like to access only the video on a webpage. But for that I have to ask the Google Chrome Store for access to the full content 😦. @Google Developers, could an authorization to access video only be a good idea?
  • If I want to develop a spellchecker: I would like to access only the editable content of a webpage. For that, too, I have to ask the Google Chrome Store for access to the full content 🤯. @Google Developers, could an authorization to access editable content only be a good idea?

Jeremy Rouet

Hi, I’m Jeremy Rouet. I’m CTO / cofounder at https://weet.co and https://speach.me. I love imagining new features / concepts.