Blog

415 IT Blog

415 IT has been serving the San Rafael area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses

A Security Briefing on Chrome Extensions

A Security Briefing on Chrome Extensions

Did you know that, as of July 2020, 69 percent of global desktop Internet users utilized Google Chrome as their browser of choice? With such a large market share, the security associated with Google Chrome is important to keep in mind. To help increase some of this awareness, we wanted to talk about Chrome’s many extensions and the permissions they are too often granted, with minimal awareness from the user.

Let’s review what some of these permissions actually mean in terms of the data that these extensions can access, and how you can adjust them to suit your comfort level.

OBLIGATORY DISCLAIMER: This process will involve changing a few of your computer settings, so you should make sure to run these changes past your IT provider for confirmation before you make them. Feel free to ask them for help if it makes you more comfortable.

Evaluating What Permissions Have Been Granted

Just like a mobile device application, a browser extension is going to need some data to function properly. As your extensions operate within the browser, they are going to request your browsing data. However, some extensions (as well as applications) claim to require far more data than their tasks actually need, and request permission to access this excess.

A recent analysis of these permission requests revealed that this problem is present in over a third of all extensions.

So, we wanted to share a few steps to help you evaluate these access permissions so that you can rein back your controls in the future.

Step One: Check Permissions as They Stand

To start, you’ll need to find out which of your currently installed extensions have been given excessive permissions. In your browser, enter chrome:extensions into the address bar and review each extension that appears on the page. Looking through the Details, you’ll find a line labelled Site access.

These access levels describe the level of permissions that the extension has been granted. They include:

  • On click – This means that an extension can access and alter data in your active tab when you click on the extension’s shortcut.
  • On specific sites – This means that only certain websites allow the extension to access and alter what is presented in the browser.       
  • On all sites – This means that there are no restrictions on an extension, allowing it to access and alter data at any time.

Depending on the function of the extension, any one of these site access levels may be appropriate, while some may need no access at all. You will have to judge if the requested access is appropriate.

Step Two: Adjusting Permissions

Uh oh… one of your extensions has been granted far greater permissions than it would ever need. Fortunately, you can usually adjust these settings by selecting the appropriate option under Site access. Make sure you are following the principle of least privilege and minimizing access as much as possible. If an extension asks for too much, reconsider whether or not you need it, and delete it if able.

Three: Stay Cognizant of Permissions

Once you’ve sorted out your current extensions, make sure that you stay diligent whenever installing a new one. Before the installation starts, all extensions will prompt you with a dialog box explaining the permissions it requires. Don’t just click through this box—review the access that the extension is requesting, and judge whether to seek out an alternative.

415 IT is here to help you remain proactive in your IT management and maintenance through our fully managed IT services. To learn more about how we can help your business with its technology, give us a call at (415) 295-4898.

Cybercrime Spiking During the Pandemic
Tip of the Week: Simple Fixes to Common Android Is...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Tuesday, 05 November 2024

Captcha Image

Customer Login

News & Updates

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...

Contact us

Learn more about what 415 IT can do for your business.

415 IT
1299 4th Street Suite 305
San Rafael, California 94901

Copyright 415 IT. All Rights Reserved.