Just like in the real world, computer security requires constant vigilance. Even so, a lot of users might not realize that downloadable browser extensions can be yet another vector for malware. After an embarrassing string of incidents wherein Chrome extensions have been found to contain something nasty (sometimes after being sold to a third party), Google is adding some tools to the official Chrome Web Store repository to help users download with confidence.
As of yesterday, the Chrome Web Store now includes two new indicators to show an extension’s bona fides. The “Established Publisher” badge shows that the extension developer has been verified by Google as the owner of the website listed in its profile and has complied with Chrome’s Developer Program Policy. The “Featured” badge shows that the extension follows the Chrome Web Store’s recommended guidelines and has a store listing with images and descriptions that are up to snuff.
Note that these improvements are on top of the official review process for the Chrome Web Store. Google staff reviews each extension that’s posted to the Store, and performs periodic checkups to make sure nothing nefarious has been posted in an update. Even so, issues have cropped up with malware and adware in the Chrome Web Store before. It’s also possible for users to install third-party extensions outside of the Web Store, which is every bit as risky as downloading executables for Windows or Android without checking the source.
Now as ever, it’s a good idea to be wary of anything new you install on your hardware, even if it’s only an add-on for a bigger program like Chrome. It couldn’t hurt to do a few searches for the extension and developer name beforehand.