Google’s adding some more security features to its Chrome browser, with the first changes rolling out to Windows users today. The update improves both Chrome and Google’s Chrome Cleanup Tool, which monitors extensions attempting to modify user settings like default search engines, along with malware designed to insert additional ads in your browser window. Perfect timing, considering the recent spate of Chrome extensions found collecting user data, impersonating more popular Chrome extensions, and even mining cryptocurrency without user consent.
The extensions in question took advantage of Chrome’s automated extension vetting process to sneak malicious code past the company and onto users’ computers. Extensions like the pop-up blocker SafeBrowse mined cryptocurrency using the processing power of Chrome users, while the Steam Inventory Helper extension (unaffiliated with Steam) used by gamers began monitoring user browsing habits after an update.
Google’s newest security update will now notify the user of changes made without their consent. If, for example, an extension changes your browser’s default search engine, Chrome will show you a pop-up asking if you’d like to restore your original engine of choice. The Chrome Cleanup Tool will monitor your downloads in Chrome and scan for malware or other unwanted software, removing it for you.
Get Rid of Useless Extensions
You’ve probably got more extensions installed than you realize. If you want to take a look at the ones you’ve accumulated over the years, head to your Chrome search bar and type “chrome://extensions” to bring up your list of installed extensions. You can also right click on any extension in your toolbar and select “Manage extensions” to bring up your list. There you’ll see both enabled and disabled extensions. To see what types of data they can access, click the Details link under each one. Not every extension can be modified, but some extensions will let you adjust a few settings through the Options link next to Details link.
Hide Rarely-Used Extensions
Some extensions run in the background, requiring little to no user interaction to do their job well. After installing the Reddit Enhancement Suite, for example, I took a few minutes to adjust my preferences and refreshed my Reddit page to see the much-needed interface adjustments take effect. I use it on a daily basis, but I don’t need to keep that icon in my toolbar, just sitting there, taking up space. Right-clicking an extension and selecting “Hide in Chrome menu” will remove the extension from your toolbar without installing it.
Vet the Ones You’re Keeping
No one is advocating that you get rid of every Chrome extension on your toolbar, especially those essential to your day-to-day browsing. Verifying an extension’s legitimacy takes time, but it isn’t impossible. Of course, extensions from popular companies (think Pocket, 1Password, or Evernote) should be considered pretty low risk, but most extensions are from smaller companies, or even individual developers trying to fix a problem like auto-playing videos or annoying pop-ups.
If you’re unsure of a certain extension’s trustworthiness, it helps to check the extension’s store page. Gauging the opinion of the web is also a viable option. When you visit a particular extension’s page, be sure to scroll through its description and note what types of data it needs to collect, as well as the quality and quantity of reviews. Search for the extension and see what people are saying or writing about it elsewhere, too. If the general consensus is positive, and the reviews seem legitimate, install away. If not, either avoid it entirely or look for alternatives.
Austin, Patrick Lucas. “You need to Clean up Your Chrome Extensions“, LifeHacker, Chrome October 2017