A Security Briefing on Chrome Extensions
Did you know that, as of July 2020, 69 percent of global desktop Internet users utilized Google Chrome as their browser of choice? With such a large market share, the security associated with Google Chrome is important to keep in mind. To help increase some of this awareness, we wanted to talk about Chrome’s many extensions and the permissions they are too often granted, with minimal awareness from the user.
Let’s review what some of these permissions actually mean in terms of the data that these extensions can access, and how you can adjust them to suit your comfort level.
OBLIGATORY DISCLAIMER: This process will involve changing a few of your computer settings, so you should make sure to run these changes past your IT provider for confirmation before you make them. Feel free to ask them for help if it makes you more comfortable.
Evaluating What Permissions Have Been Granted
Just like a mobile device application, a browser extension is going to need some data to function properly. As your extensions operate within the browser, they are going to request your browsing data. However, some extensions (as well as applications) claim to require far more data than their tasks actually need, and request permission to access this excess.
A recent analysis of these permission requests revealed that this problem is present in over a third of all extensions.
So, we wanted to share a few steps to help you evaluate these access permissions so that you can rein back your controls in the future.
Step One: Check Permissions as They Stand
To start, you’ll need to find out which of your currently installed extensions have been given excessive permissions. In your browser, enter chrome:extensions into the address bar and review each extension that appears on the page. Looking through the Details, you’ll find a line labelled Site access.
These access levels describe the level of permissions that the extension has been granted. They include:
- On click – This means that an extension can access and alter data in your active tab when you click on the extension’s shortcut.
- On specific sites – This means that only certain websites allow the extension to access and alter what is presented in the browser.
- On all sites – This means that there are no restrictions on an extension, allowing it to access and alter data at any time.
Depending on the function of the extension, any one of these site access levels may be appropriate, while some may need no access at all. You will have to judge if the requested access is appropriate.
Step Two: Adjusting Permissions
Uh oh… one of your extensions has been granted far greater permissions than it would ever need. Fortunately, you can usually adjust these settings by selecting the appropriate option under Site access. Make sure you are following the principle of least privilege and minimizing access as much as possible. If an extension asks for too much, reconsider whether or not you need it, and delete it if able.
Three: Stay Cognizant of Permissions
Once you’ve sorted out your current extensions, make sure that you stay diligent whenever installing a new one. Before the installation starts, all extensions will prompt you with a dialog box explaining the permissions it requires. Don’t just click through this box—review the access that the extension is requesting, and judge whether to seek out an alternative.
Datalyst is here to help you remain proactive in your IT management and maintenance through our fully managed IT services. To learn more about how we can help your business with its technology, give us a call at (774) 213-9701.