Are Chrome extensions safe? How to use them securely in 2024

Privacy news
8 mins
Best Chrome extensions to try.

Using Chrome extensions can feel like a balancing act. Extensions add new functions to your browser. You can sort passwords, block ads, fix grammar mistakes, and more without leaving your browser. However, they can also slow down your computer and put your privacy at risk by tracking you online.

Thanks to Google’s strict vetting, most Chrome extensions are safe. Some might ask for unnecessary permissions unrelated to their function or sell your data to third-party advertisers. If you’re a Chrome user, here’s how you can find safe extensions that work for you and not become a liability.

Jump to…
What are Chrome extensions?
Are Chrome extensions safe to use?
How to use Chrome extensions safely?
What if I’ve installed an unsafe Chrome extension?
How to see extensions that have already been installed?
Do Chrome extensions collect data?

How safe are Chrome extensions?

Chrome extensions are generally safe because Google reviews them before they appear in the Chrome Web Store. However, you should remain cautious and do your research before installing an extension. Always choose extensions from trusted developers, check the permissions they require, and read user reviews to gauge their safety.

 

What are Chrome extensions?

Chrome extensions are mini-programs that allow you to customize your Chrome browser. 

Built with web tools like HTML and JavaScript, extensions can range from broadly useful ad blockers and VPNs to the super niche, like ones that allow you to take a screenshot of a full webpage or hide specific sections of a specific website. 

Each extension is a CRX file that fits right into your browser, showing up as a small icon next to your address bar.

Once added and launched, the extension’s functionality becomes part of your Chrome browser. For example, a VPN Chrome extension can encrypt your traffic right from your browser, so you don’t have to use the main app.

How to install a Chrome extension

You must be using the Chrome browser before you decide to use an extension. Follow these steps to install a Chrome extension:

  • Visit the Chrome Web Store. Open Chrome and go to the Chrome Web Store by typing “chrome.google.com/webstore” in your address bar.
  • Search for the extension. Use the search bar to find the extension you need. You can type keywords like “Android Chrome extensions,” “ad blocker,” or “password manager.”
  • Choose the extension. Click on the extension you want from the list of search results. Review the extension’s details, user reviews, and required permissions.
  • Install the extension. Click the ‘Add to Chrome’ button. A dialog box will pop up asking you to confirm. Click ‘Add extension.’

While it’s not recommended for safety reasons, it is possible to install a Chrome extension from outside the Web Store. Once downloaded, enable ‘Developer mode’ in the extension settings and load the unpacked extension by dragging the CRX file onto the page.

Are Chrome extensions safe to use?

Chrome extensions in the Chrome Web Store are generally safe. Google rigorously reviews them to ensure they meet security and privacy standards. That doesn’t mean you can trust the first extension you see. Some extensions ask for permissions unrelated to their function, while others don’t roll out updates often.

Just like apps, extensions need to be updated to patch security vulnerabilities. If you’re using an outdated extension, a bad actor could exploit its security holes. Regular updates fix bugs and improve security, helping keep your browser and data safe. Make sure to update your extensions often to get the newest features and the best protection.

How to use Chrome extensions safely

Installing an untrustworthy Chrome extension can put your privacy at risk by stealing data or injecting malware. Here’s how you can find the best Chrome extensions and some tips to be mindful of before and when installing a Chrome extension:

Before installing a Chrome extension

Research the extensions and developer

Before you install a Chrome extension, do some quick research on the developer and the extension itself. Check if they have an updated website and active social media. Updates that fix bugs and improve security are good signs. Developers who openly share their contact info and update history, especially on sites like GitHub, are usually more reliable.

Check reviews

Reading user reviews lets you determine if a Chrome extension is safe. Look for reviews that discuss both the good and the bad points. Be wary of reviews that are unclear, too positive, or sound like they’re written by an AI chatbot, as they might not be true. Tools like Fakespot can check if reviews are genuine. Also, look at the number of reviews; more reviews mean more reliable information.

Understand the permissions needed

Before you install a Chrome extension, check the permissions it needs. Only accept those that are necessary for the tool to work. For example, a note-taking tool shouldn’t ask for your location. If it does, see this as a warning sign. Also, watch for any changes in permissions with updates, as these could increase access to your data.

Make sure the extension is updated regularly

Pick Chrome extensions that get regular updates. Updates fix bugs and protect against new security threats. To see how often an extension updates, check the ‘Version history’ on its Chrome Web Store page. You can also turn on automatic updates so you don’t have to check for updates manually.

When installing a Chrome extension

Download directly from the Chrome Web Store

To stay safe, always download extensions from the Chrome Web Store. Google’s strict checks block many unsafe extensions, but some bad ones may still get through. Before downloading, make sure to check who made the extension, confirm it gets regular updates, and look for any recent complaints about security from other users.

Use Chrome’s Enhanced Safe Browsing

Chrome’s Enhanced Safe Browsing checks websites and downloads against Google’s latest security data to warn you about potential risks. It also provides proactive security measures if you’re about to visit a risky site or download a malicious extension. To use it, go to Chrome settings, click ‘Privacy and security,’ then ‘Security,’ and select ‘Enhanced protection.’

 Screenshot of how to activate Enhanced Protection mode using Google Chrome

Install an antivirus software

An antivirus detects, quarantines, and removes malware, including harmful Chrome extensions. Some extensions can download additional software that could compromise your system’s security. Regular updates to antivirus software ensure it can recognize the latest threats, keeping your device safe as you enhance its functionality with extensions.

What if I’ve installed an unsafe Chrome extension?

If you suspect that you’ve installed an unsafe Chrome extension, here’s a step-by-step guide on what to do next:

  • Remove the extension. Open Chrome, click More tools > Extensions. Find the suspicious extension and select Remove. After removal, clear your browser’s cache and restart Chrome to ensure that all residual data from the extension is deleted.
  • Run a malware scan. Ideally, use antivirus software to perform a full system scan, ensuring no malware from the extension remains.
  • Change your passwords. If you suspect the extension accessed sensitive data, change relevant passwords immediately, especially for critical accounts.
  • Check account activity. Monitor your accounts for signs of unauthorized access and report any suspicious activity to the service provider.
  • Update security software. Ensure your browser and security software are up to date to defend against new threats.

How to see extensions that have already been installed?

To view the extensions installed in your Google Chrome browser, follow these easy steps:

  • Open the extensions menu. Click the three vertical dots in Chrome’s upper right corner, go to More tools > Extensions. This displays all installed extensions.
  • Review the list. Each extension shows its status (enabled or disabled), version, and available actions.
  • Manage extensions. Use the toggle to enable or disable extensions. Click Details for in-depth information or Remove to uninstall an extension.
  • Audit permissions. Regularly review the permissions each extension has to ensure they only access necessary data.

Do Chrome extensions collect data?

Yes, many Chrome extensions collect data, but the type and amount of data collected can vary depending on the extension’s function and the developer’s practices. Here are some types of data that a Chrome extension can collect:

Personally identifiable information

When you install Chrome extensions for social media or shopping, they might ask for your name, email, or location. This info helps tailor services to you but lowers your privacy. Always read the developer’s privacy policy and make sure the extension really needs the info it asks for its features.

Browsing data

Extensions that make your browsing better often ask to track your history, like the websites you visit and your searches. This helps them block ads or suggest things you might like. But if misused, they could sell this info to ad companies or track you without you knowing. Always check how the extension uses your data to make sure it’s safe and proper.

Financial and payment information

Some shopping and finance-related extensions might ask for your payment information, such as credit cards and past purchases. This can be handy for auto-filling forms or tracking your spending. But be super careful! Only allow access if the extension uses strong encryption and comes from a well-known developer with a good reputation.

Communication data

Some email or social media add-ons might need to see your messages to help you organize them or even write replies automatically. This can be a time-saver, but if the add-on doesn’t keep your information safe, it could expose it to bad actors. Always check how the add-on handles your data and whether it uses robust security measures to store sensitive information.

FAQ: About the safety of Chrome extensions

Are all Chrome extensions legal?
Can Chrome extensions access history?
Can Chrome extensions have viruses?
Are Chrome extensions stored locally?
Do you need a Google account to use extensions?
Phone protected by ExpressVPN.
Privacy should be a choice. Choose ExpressVPN.

30-day money-back guarantee

A phone with a padlock.
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?