How to Find Out if a Google Chrome Extension Is Safe to Use

How to Find Out if a Google Chrome Extension Is Safe to Use
Image: Gizmodo Australia

Chrome extensions are great. They can help you write better, keep pesky ads at bay, and save you money while you shop, among hundreds of other tasks. However, like Android apps on the Play Store, extensions on the Chrome Web Store aren’t always what they seem. Malware is very much a concern, and you certainly don’t want to compromise your privacy and security trying to download an adblocker.

Google seems to know the quality and security of the many Chrome extensions aren’t particularly consistent. That’s why the company has rolled out a new system for identifying verified extensions and creators. As you browse extensions to download, you’ll start to notice two new badges on reputable options, both of which denote different ways that particular extension and/or its publisher have been deemed legitimate.

Featured badge

The “Featured” badge appears as a blue ribbon icon on certain extensions. According to Google, the company awards this badge to extensions that “follow our technical best practices and meet a high standard of user experience and design.” What’s cool about this badge is it’s a sign the extension has been hand-reviewed by team members at Chrome, as opposed to being awarded by an algorithm or other program.

These team members look to see if the extension has a solid store page with a clear representation of its functions; that it’s working well for those who download it; that it’s utilising the latest Chrome APIs; and, most importantly in my opinion, that it’s respecting user privacy. While Google itself doesn’t have the best reputation when it comes to user privacy, it’s good to see the company at least acknowledging that it’s worth ensuring an extension isn’t blatantly stealing your data.

Established Publisher badge

When Google deems a publisher has shown to be working within its developer program policies and has verified their identity with Google, the company will award them with the Established Publisher badge. You’ll see this badge as a checkmark next to the publisher’s website. This badge offers another good way for users to trust the extension they’re interested in installing, since it means Google knows who they are. If the developer tries anything funny, their account is likely toast.

What else can you do to make sure a Chrome extension is safe?

Even with these two new badges in place, you should continue to employ best practices before downloading extensions to your browser:

  • Read the description in full so you know exactly what you’re downloading and what it’s promising to do.
  • Review all permissions the extension requests. If you don’t think there’s any reason the extension should be asking for access to your camera, that’s a big red flag.
  • Review at the developer’s website, which is always noted on the extension’s store page. If you get a weird vibe from the site, or if it doesn’t seem to match the promise of the extension you’re considering, trust your gut and leave it alone.
  • Don’t forget to check out the reviews. If customers have had shady experiences with an extension, they’ll likely report it in the comments. On the flip side, if most of the comments are pretty old and you can’t find any recent ones, you might want to stay away. Ensure the extensions you download are being kept up to date, which decreases the chance that they have been compromised.

This article has been updated since it was first published.