If your business uses Google Chrome, you’re likely familiar with extensions. These handy tools can significantly enhance your browsing experience, whether it's by blocking intrusive ads or minimising distractions.

Extensions are popular because they can add a lot of functionality to your browser. However, just as you exercise caution when installing new apps on your phone, you need to be careful when adding extensions to your browser, as they can pose a malware risk.

Malware, short for malicious software, refers to any software specifically designed to harm a computer, server, or network. Cybercriminals use malware to steal data, take control of systems, and even access bank accounts.

With Google Chrome holding about 65% of the global browser market share, it is the most popular browser by a wide margin. This popularity makes Chrome a prime target for cybercriminals. While some cyberattacks exploit vulnerabilities within the browser itself, malicious extensions containing malware offer an easier way to target Chrome users.

Despite Google’s vigilance in monitoring the Chrome Web Store, risks still exist. A recent report indicates that between July 2020 and February 2023, 280 million people installed a malware-infected Chrome extension. This staggering number underscores the importance of being cautious.

Shockingly, many malicious extensions remain available for download on the Chrome Web Store for extended periods. On average, malware-infected extensions were accessible for 380 days, while those with vulnerable code stayed up for approximately 1,248 days. One especially notorious extension was downloadable for 8.5 years before it was finally removed.

How can you safeguard yourself and your business against these malicious extensions? Here are five steps we recommend:

  1. External Reviews: Since ratings and reviews on the Chrome Web Store are not always reliable (many malicious extensions lack reviews), seek external reviews from reputable tech sites to assess whether an extension is safe.
  2. Permissions: Be wary if an extension requests more permissions than necessary. If a new extension asks for extensive access to your data or system, this could be a warning sign.
  3. Security Software: Use robust security software to detect malware before it can cause damage. This acts as your last line of defence if you accidentally install a malicious extension.
  4. Necessity: Before installing new software or browser extensions, consider whether you genuinely need it. Often, the same functionality can be achieved by visiting a website.
  5. Trusted Sources: Only install extensions from trusted sources or well-known software providers. This greatly reduces the risk of downloading harmful extensions.

As Chrome is the most popular browser, it will always be a target for cybercriminals. Although Google’s security team diligently reviews each Chrome extension to ensure safety, it is still crucial to remain vigilant.

If you’re unsure about the safety of your extensions or need more advice on keeping your business secure, our team is here to help. Feel free to get in touch.