New Google Chrome experiment warns of malicious and slow extensions

Google has added a new experiment to the Chrome browser that is designed to educate users about the malicious behavior and performance issues that can be caused by browser extensions.

Cybersecurity firm Awake released a report on Thursday that detailed how 111 Google Chrome extensions capable of malicious behavior were downloaded over 32 million times.

“These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc.,” Awake’s report stated.

Google has stated that they have since removed 77 of the extensions.

Google launches Chrome extensions checkup experiment

Whether it is coincidence or a result of this report, Google has released a new experiment in Chrome 83 called ‘Extensions Checkup’.

When enabled, this experiment will display information boxes at the top of the chrome://extensions page or as a small message at the bottom of New Tab Pages that try to educate users about the risks of using browser extensions.

To enable this experiment in Chrome 83, go to chrome://flags and search for ‘extensions checkup’. When the experiment appears, you can select one of the ‘Enabled’ options to start displaying these educational alerts.

Extensions Checkup Chrome experiment

The message boxes shown by this experiment are meant to illustrate that browser extensions can be malicious or can slow down your browser experience, and in some cases, your PC if too much CPU is used.

The messages then prompt you to check your extensions and make sure you recognize them and meant to install them.

The ‘Performance’ message explains how browser extensions can slow down your PC.

Performance focused message
A healthier, happier Chrome
Some extensions can slow you down - especially ones you didn't mean to install.

If you don’t recognize an extension, or if your browser isn’t working as expected, you can turn off or customize extensions here.

The ‘Privacy’ message will explain that browser extensions can see your browsing activity, including what you enter into a browser.

What they are not saying is that there is little to stop an extension from stealing anything you type into your browser or performing other unwanted behavior.

Privacy focused message
Check your extensions
Some extensions can see your browsing activity - including personal information.

If you don’t recognize an extension, or if your browser isn’t working as expected, you can turn off or customize extensions here.
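To make "check your extensions" concrete, the following added example (not code from Google, Awake, or the original article) audits an extension's manifest.json for permissions that can enable the capabilities Awake lists. The permission-to-capability mapping and the sample manifests are assumptions constructed for illustration.

```python
import json

# Broad host patterns that let an extension act on every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Assumed mapping: manifest permission -> capability from the Awake quote.
RISKY_PERMISSIONS = {
    "clipboardRead": "read the clipboard",
    "cookies": "read cookies (session tokens) for hosts it can access",
    "desktopCapture": "capture the screen",
    "tabCapture": "capture tab contents",
    "webRequest": "observe request URLs and parameters",
}

def audit_manifest(manifest):
    """Return sorted capability findings for one parsed manifest.json."""
    findings = set()
    perms = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for p in perms:
        if p in RISKY_PERMISSIONS:
            findings.add(f"{p}: {RISKY_PERMISSIONS[p]}")
        elif p in BROAD_HOSTS:
            findings.add(f"{p}: host access to all sites")
    # Content scripts run inside pages, so a broad match can see typed input.
    for cs in manifest.get("content_scripts", []):
        if BROAD_HOSTS.intersection(cs.get("matches", [])):
            findings.add("content_scripts: injected into all sites (can observe keystrokes)")
    return sorted(findings)

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "constructed-coupon-helper": json.loads("""{
        "manifest_version": 2, "name": "Coupon Helper", "version": "1.0",
        "permissions": ["cookies", "clipboardRead", "<all_urls>", "storage"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}"""),
    "constructed-dark-theme": json.loads("""{
        "manifest_version": 2, "name": "Dark Theme", "version": "1.0",
        "permissions": ["storage"]}"""),
}

def audit_all(manifests):
    """Map extension name -> findings, keeping only extensions with findings."""
    results = {n: audit_manifest(m) for n, m in manifests.items()}
    return {n: f for n, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, *findings, sep="\n  - ")
```

A finding means the extension is able to do something, not that it does; use the list to decide which extensions you do not recognize or no longer need.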

The ‘Neutral’ message just asks you to check your extensions and remove any that you do not remember installing.

Neutral focused message
Manage your extensions
On this page you can see all the extensions installed in Chrome.

If you don't recognize an extension, or if your browser isn't working as expected, you can turn off or customize extensions here.

Finally, if you enable the experiment for the New Tab Page (NTP), a small message will appear on New Tab Pages that asks you to check your extensions, as shown below.

New Tab Page (NTP) message

This experiment is a good start as many people blindly install extensions without understanding the risks behind them.

Unfortunately, it is not enough, and more has to be done in the review process for the Chrome Web Store to prevent malicious extensions from being available in the first place.

Google has not announced anything related to this experiment, but as shown by this Chrome Gerrit post, they are starting to enable it in field trials on ChromeOS, Windows, Linux, and macOS.
