Six Ways to Ensure Your Browser Extensions Are Legit
Be careful about the add-ons you allow inside your browser.

Browser extensions can potentially see a lot of what you're up to on your computer—so you need to be careful when it comes to choosing which of these add-ons you install and allow to access your browser.
While plenty of browser extensions out there are legit and genuinely useful, some of them aren't. Browser security analyst John Tuckner (via Ars Technica) recently posted about discovering dozens of suspect extensions that have overly broad permissions and seem to be mining browser data. These extensions are apparently being used by around six million users.
Most of these extensions are unlisted in the Chrome Web Store, so users need to be directed to the exact URL to find them, and they're less visible to security scans and the wider web. They don't appear to offer much in the way of functionality, and are coded in a way that makes it difficult to ascertain their purpose.
Even more worryingly, the developers of some of these extensions have been labeled as "Featured" by Google, which supposedly means they've met certain standards in terms of privacy and security. It's a reminder that even when an extension looks fine, you should still exercise plenty of caution.
There's no foolproof, 100-percent-guaranteed way to spot dodgy browser extensions, but there are plenty of ways to assess their legitimacy, which I've outlined below.
Keep up with the news
There are plenty of good folk on the right side of the security and privacy fence, including John Tuckner. Stay up to date on the tech news headlines, and breaking stories across social media, and you should get a heads up about any major issues.
Take the case of the Honey extension, for example, which was recently found to be deploying some shady tactics in terms of manipulating online prices. If you're checking the news, you'll know about discoveries like these.
Read the reviews
Reviews can be faked, and don't always provide a true indication of the quality of an extension, but they'll give you some pointers. Look for common complaints and concerns, especially those that have been posted recently.
A lot of low ratings can be a big warning sign, especially if they're mentioning the extension being buggy or slow. You should also check to see if the developer has addressed any of the complaints, and given plausible explanations for them.

Look at the developer
Speaking of developers, the details of the people behind these add-ons are always shown on the extension listings. See if there's clear evidence for what these individuals or teams do, and why they might have made an extension available for your browser.
If an extension is made by a professional coder with an active social media presence and a genuine GitHub landing page, that's a good sign. If a developer link leads to a badly formatted webpage with little in the way of info, that's not so good.
Check the permissions
Like the apps installed on your phone or laptop, browser extensions have permissions: You can see the permissions they're asking for on their listing pages, and check them again after you've installed them to see what they're trying to do.
You have to make some judgment calls here in terms of what's reasonable and what isn't when it comes to permissions, but clearly an extension that snoozes inactive tabs (for example) doesn't need to read everything you're typing into your browser.
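One way to apply this check to an extension's manifest.json, the file where its permissions are declared. This is an added example, not from the original article or any tool it names; the function name, the pattern lists, and the sample manifest are constructed for illustration.

```python
import json

# Match patterns that let an extension reach every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions that expose browsing activity or page content
# (an illustrative selection, not a complete list).
SENSITIVE_APIS = {"cookies", "history", "tabs", "webRequest", "scripting",
                  "debugger", "clipboardRead", "management", "nativeMessaging",
                  "proxy", "browsingData"}

def audit_manifest(manifest):
    """Return (severity, message) findings for one parsed manifest.json."""
    findings = []
    # Manifest V2 mixes host patterns into "permissions"; V3 moves them to
    # "host_permissions". Check every key so both versions are covered.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        for item in manifest.get(key, []):
            if not isinstance(item, str):
                continue  # skip non-string entries rather than crash
            if item in BROAD_HOSTS:
                findings.append(("high", f"{key}: {item} covers all sites"))
            elif item in SENSITIVE_APIS:
                findings.append(("medium", f"{key}: {item} is a sensitive API"))
    # Content scripts run inside pages and can read what is typed there.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.append(("high", f"content_scripts: runs on {pattern}"))
    return findings

# Constructed sample: a tab snoozer that asks for far more than it needs.
SAMPLE_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "Tab Snoozer (constructed sample)",
  "version": "1.0",
  "permissions": ["tabs", "alarms", "storage", "cookies"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]
}
""")

if __name__ == "__main__":
    for severity, message in audit_manifest(SAMPLE_MANIFEST):
        print(f"[{severity}] {message}")
```

A finding is a prompt for the judgment call described above, not proof of bad intent: plenty of legitimate extensions need some of these permissions to do their job.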

Use security tools
Several security tools will help you spot bad extensions, such as John Tuckner's own Secure Annex: With a little help from AI, it scans through extensions looking for potential problems, though it's aimed at companies rather than individuals.
For Chrome, try Chrome Extension Source Viewer (for checking code), and Under New Management (for checking who's behind an extension), plus Chrome's own Safety Check. There are plenty of other options out there, both for Chrome and for other browsers.
Stay up to date
Web browsers and operating systems are actually pretty good—though not infallible—when it comes to spotting security issues, including browser extensions that might be trying to steal data or direct you to suspicious parts of the internet.
This depends on you keeping your software up to date, though: Hackers and scammers love outdated, unpatched code. Make sure you install pending updates for your browser and Windows or macOS as soon as you get notifications about them.