9

Should I ever be worried about installing any chrome extension from the Chrome store?

A lot of the Chrome extensions I have, have the permission "Read and change all your data on the websites you visit" - now that sounds fairly open ended permission that you can do a lot of damage with that (read through my emails, go into my internet banking?).

Can I trust a chrome extension to not secretly do malicious activities in the background? If so, why should I be able to trust these extensions? Is the Chrome store curated by Google?

stickman
  • 1,550
  • 3
  • 13
  • 16
  • 1
    possible duplicate of [Worst case scenario, what can a Chrome extension do with "Your data on all websites" and "Your tabs and browsing activity"?](http://security.stackexchange.com/questions/15259/worst-case-scenario-what-can-a-chrome-extension-do-with-your-data-on-all-websi) – schroeder Jun 06 '15 at 16:09
  • 1
    @schroeder: I would not consider this a duplicate. The question you refer to is about what the extension can do. In this question the author is already kind of aware of the problems with the permission and the question is more about trust and how good the chrome store gets curated. – Steffen Ullrich Jun 06 '15 at 18:46

1 Answers1

8

Can I trust a chrome extension to not secretly do malicious activities in the background? If so, why should I be able to trust these extensions? Is the Chrome store curated by Google?

You cannot fully trust the chrome store. For examples of malicious behavior see Uncovering Malicious Browser Extensions in Chrome Web Store from 09/2014, Adware vendors buy Chrome Extensions to send ad- and malware-filled updates from 01/2014 or Can you trust your browser extensions? Exploring an ad-injecting chrome extension from 10/2014.

The idea is often the same: gain some initial trust by being a well behaved extension and later turn bad.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424