CAI Managed IT blog
Evaluating the Security of Your Chrome Extensions
Google Chrome is currently used by 69 percent of global desktop Internet users, as of July of 2020. With such a large amount of people using Chrome, its security becomes even more important… which makes it all the worse that many people are unaware of the permissions that some of its extensions claim.
Let’s go over how you can review how much of your data these Chrome extensions can access, and how you can adjust these permissions more to your liking.
Fair warning: This will naturally require you to change a few settings, so don’t be afraid to reach out to your IT provider to confirm these changes are okay to make and for assistance in doing so.
What Permissions Have Extensions Been Granted?
Here’s the thing—the extensions that you have installed into the Chrome browser, much like the applications that can be installed on a mobile device, will require some of your browsing data in order to function. Many extensions and applications, however, take claim of far greater permissions than their functionality requires in practice. In fact, a recent analysis of extension permissions shows that over a third of all extensions do this!
Here are a few steps that allow you to evaluate your Chrome extension permissions and help you to avoid granting them too much access in the future.
Step One: Evaluate Your Current Permissions
First, you will want to find out how many of your installed extensions currently ask for too much. To do so, you’ll need to type chrome:extensions into the address bar and go through the Details of each extension that appears on the page.
There, you’ll find a line annotated with Site access. There are various access levels that an extension can have once it is installed, including no access at all. What this means is that your web activity isn’t accessible by the extension at all. The other levels include:
- On click – This means that an extension can access and alter data in your active tab when you click on the extension’s shortcut.
- On specific sites – This means that only certain websites allow the extension to access and alter what is presented in the browser.
- On all sites – This means that there are no restrictions on an extension, allowing it to access and alter data at any time.
Certain types of extensions may need this kind of access, while others will not. It is up to you to determine what access is appropriate for each to need, based on what they use to operate.
Step Two: Adjusting Your Current Permissions
If an extension doesn’t need the level of permissions that it demands, do everything you can to address this by adjusting its settings. If the extension allows this, these permissions can be adjusted by simply selecting your preferred option under Site access. Whenever possible, following a principle of least privilege is the safest bet for your data.
Step Three: Keep Permissions in Mind Moving Forward
Once your extensions’ access permissions are in check, you don’t want to just fall back into your old habits with any new extensions you add. Remember, these extensions prompt you with a brief dialog box explaining its default accessibility settings… pay attention to them. Whenever you activate an extension moving forward you need to be sure to keep these permissions in mind. It may be the difference between installing an extension or finding another option.
CAI Managed IT can help you manage all your business technology through our proactive managed services and support. To find out more about our services, reach out to our team by calling (800) 422-4782.