With the latest release of their browser, v.4.0, Google has published a long expected feature: Browser Extensions. Now Chrome features what other browsers like Firefox, IE, Opera and so on offer for a long time already.
But, being able to compete with the others better doesn’t mean that they have solved all problems. Actually, their problems just start to appear – because adding extensions in the browser is just the same as opening Pandora’s box.
Anyone can write extensions and upload them in the Google Extension Gallery. Google doesn’t check in any way that the extensions are behaving correctly and do only “good” things.
As Aaron Boodman, Software Engineer at Google, posted in Chromium’s blog, extensions can bite: “If you’re using extensions now, you should keep in mind that they are powerful software. Extensions integrate with your browser, so they can access and change everything that happens in it. For example, the same technology that enables an extension to periodically check the number of messages in your Gmail inbox could also be used to read all your personal mail and tweet it to your mom! This can happen because of malicious intent or simply because of a bug.”
We strongly recommend to be very careful about what you install in the browser. It is better to install only extensions which are built by Google. This is usually specified in the extension name or description and if the email address of the author is @google.com (not gmail.com!). Also, make sure that the extension is rated high (should have at minimum 4 stars and been reviewed by at least 1000 users).
These extensions can not only do bad things to you (as mentioned by Aaron), but they can also affect the stability of the browser, deactivate other extensions or slow down the browsing. So, even if they are not built to be malicious, they can be wrongly programmed and result in equally malicious, non intended actions.