The Trouble with Installing Unofficial Browser Extensions

Google has extended its ban on unofficial Google Chrome extensions. This means developers and Mac users will have to install extensions from the official Chrome Web Store, according to recent news reports.

The initiative, launched a year ago, aimed to eradicate malicious browser extensions that ruined users` browsing experience by slowing the system down, injecting adware or silently tracking browsing activity.

However, Google has said in a blog post “it is crucial that our users stay safe from the reaches of malicious software developers. Extending this protection is one more step to ensure that users of Chrome can enjoy all the web has to offer without the need to worry as they browse.”

But this security feature hasn`t deterred cybercriminals from attempting to bypass it. In August 2014, the analysis of more than 48,000 extensions from the Google Chrome web store detected 130 malicious extensions, including one with 5.5 million affected users.

Why are unofficial add-ons dangerous?

Since add-ons reside in the browser, they can perform any action on behalf of the user, such as reading and modifying data on the websites the user accesses. They can also steal authentication cookies to impersonate users and access their personal and financial data.

In a recent “tag scam”, Facebook users were shown an enticing video that prompted them to download a malicious browser extension snuck into the official Google Chrome Store. More than 4,200 users installed it. A malicious extension can post statuses and comments on Facebook. It can also send messages and links via Facebook`s chat function, which may explain how the malicious extension spreads in the first place.