Get Started Today!  (415) 295-4898

croom new

415 IT Blog

A Security Briefing on Chrome Extensions

A Security Briefing on Chrome Extensions

Did you know that, as of July 2020, 69 percent of global desktop Internet users utilized Google Chrome as their browser of choice? With such a large market share, the security associated with Google Chrome is important to keep in mind. To help increase some of this awareness, we wanted to talk about Chrome’s many extensions and the permissions they are too often granted, with minimal awareness from the user.

Let’s review what some of these permissions actually mean in terms of the data that these extensions can access, and how you can adjust them to suit your comfort level.

OBLIGATORY DISCLAIMER: This process will involve changing a few of your computer settings, so you should make sure to run these changes past your IT provider for confirmation before you make them. Feel free to ask them for help if it makes you more comfortable.

Evaluating What Permissions Have Been Granted

Just like a mobile device application, a browser extension is going to need some data to function properly. As your extensions operate within the browser, they are going to request your browsing data. However, some extensions (as well as applications) claim to require far more data than their tasks actually need, and request permission to access this excess.

A recent analysis of these permission requests revealed that this problem is present in over a third of all extensions.

So, we wanted to share a few steps to help you evaluate these access permissions so that you can rein back your controls in the future.

Step One: Check Permissions as They Stand

To start, you’ll need to find out which of your currently installed extensions have been given excessive permissions. In your browser, enter chrome:extensions into the address bar and review each extension that appears on the page. Looking through the Details, you’ll find a line labelled Site access.

These access levels describe the level of permissions that the extension has been granted. They include:

  • On click – This means that an extension can access and alter data in your active tab when you click on the extension’s shortcut.
  • On specific sites – This means that only certain websites allow the extension to access and alter what is presented in the browser.       
  • On all sites – This means that there are no restrictions on an extension, allowing it to access and alter data at any time.

Depending on the function of the extension, any one of these site access levels may be appropriate, while some may need no access at all. You will have to judge if the requested access is appropriate.

Step Two: Adjusting Permissions

Uh oh… one of your extensions has been granted far greater permissions than it would ever need. Fortunately, you can usually adjust these settings by selecting the appropriate option under Site access. Make sure you are following the principle of least privilege and minimizing access as much as possible. If an extension asks for too much, reconsider whether or not you need it, and delete it if able.

Three: Stay Cognizant of Permissions

Once you’ve sorted out your current extensions, make sure that you stay diligent whenever installing a new one. Before the installation starts, all extensions will prompt you with a dialog box explaining the permissions it requires. Don’t just click through this box—review the access that the extension is requesting, and judge whether to seek out an alternative.

415 IT is here to help you remain proactive in your IT management and maintenance through our fully managed IT services. To learn more about how we can help your business with its technology, give us a call at (415) 295-4898.

Cybercrime Spiking During the Pandemic
Tip of the Week: Simple Fixes to Common Android Is...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, October 24 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Productivity Technology Best Practices Business Computing Data Data Backup IT Support Network Security Privacy Hosted Solutions Cloud IT Services Data Recovery Internet Email Efficiency Software Business Managed IT Services Malware Outsourced IT Innovation Collaboration Phishing Small Business Google Cloud Computing Tech Term Upgrade Cybersecurity User Tips Business Management Hackers Hardware Business Continuity Computer Windows 10 Mobile Device Microsoft Managed Service Mobile Devices Smartphone Quick Tips VoIp Workplace Tips Communication Ransomware Backup Android Covid-19 Disaster Recovery Managed Service Provider Paperless Office Smartphones Remote Work Encryption Communications Business Technology Saving Money Browser Server Data Management Network Office 365 Users Wi-Fi Remote Monitoring BDR Managed IT Vulnerability Holiday Social Media Healthcare Document Management Help Desk Internet of Things Compliance Passwords Windows 7 Artificial Intelligence Chrome Save Money Facebook Miscellaneous Government Laptops Microsoft Office Managed IT services Data Security Applications Blockchain Health Virtualization Employer-Employee Relationship Antivirus Two-factor Authentication Scam Information Redundancy Processor Analytics Bandwidth Office Tip of the week Automation Vendor Management Mobile Office Project Management Avoiding Downtime Data Loss Customer Relationship Management Storage Router RMM Maintenance VPN Machine Learning Proactive Meetings Website Files Access Control Virtual Private Network Company Culture Windows Mobility BYOD Employee-Employer Relationship IoT OneDrive Managed Services Regulations Training IT Management Infrastructure Hard Drive Gadgets Software as a Service Apps Network Management Co-Managed IT Alert Tablet Dark Web HIPAA Augmented Reality Utility Computing Remote Password Consultation Internet Exlporer Bring Your Own Device Smart Technology Computing Time Management Networking Monitoring Search File Management Remote Worker Financial Recycling Remote Monitoring and Management Unified Threat Management Operating System Flexibility Payment Cards Mobile Security Data Storage Unified Communications Employees Information Technology Electronic Health Records Consulting Downtime Social Network Instant Messaging Word Server Management Gmail The Internet of Things Professional Services Cooperation Patch Management Data Breach Risk Management Management Managed Services Provider Money File Sharing Remote Workers Wireless Assessment WiFi Net Neutrality Asset Tracking Backup and Disaster Recovery Cyber Monday Staff App Batteries Read Only Security Cameras Permissions Identity Theft Enterprise Resource Planning Holidays GDPR Outsource IT Transportation Active Directory Techology Point of Sale Tech Terms Microsoft Excel Cache Wireless Internet Big Data MSP Finance Computing Infrastructure Geography Wasting Time Current Events SaaS Smart Devices Conferencing Social Networking Outsourcing Human Error Screen Reader Peripheral CIO applications Technology Laws Google Calendar Printing Fraud Identity IT Modem High-Speed Internet Laptop Windows Server Touchscreen Outlook Hacking Disaster Resistance E-Commerce Theft Remote Computing Optimization Employer/Employee Relationships Apple Emergency Multi-Factor Security Authentication Alerts Database Electronic Medical Records Tech Support Virtual Reality Banking Hard Disk Drives Sensors Printer Travel G Suite Video Conferencing Heating/Cooling OneNote Permission Firewall Smart Tech PCI DSS Unified Threat Management Mobile Business Telephone Notes Licensing Development Remote Working User Management Shortcut Trending Proactive IT Features Virtual Machines Proactive Maintenance Solid State Drive Authorization Comparison Voice over Internet Protocol Projects Statistics Data Warehousing IT Technicians Cost Management Solid State Drives Politics Technology Tips Motherboard Chromebook Biometric Servers Lenovo How To Test Distributed Denial of Service Connectivity Value of Managed Services Legislation Private Cloud IT Assessment PowerPoint Display Specifications Cookies Cables Budget Teamwork IT Consulting Procurement Migration eWaste Credit Cards Cybercrime Cyber security Samsung WPA3 Return on Investment Bluetooth Operations Options Telephone Recovery SharePoint Digital Payment Hotspot Vulnerabilities Gamification Superfish Managed IT Service CRM Mail Merge User Error Bookmarks ROI Managing Stress Digitize Fleet Tracking Zero-Day Threat Black Friday Nanotechnology Wires Shared resources Going Green Cyberattacks Social Chatbots Computers Database Management Settings Personal Information Mobile Device Management Mirgation Windows Server 2008 5G Mobile VoIP Downloads Customer Service Mouse Language Mobile Computing Bitcoin Websites Break Fix Wearable Technology Star Wars Content Filtering Manufacturing Vendor Address Favorites Spam Enterprise Content Management Shadow IT Virtual Assistant Printers Education CEO Students Reviews Daniel Stevens Twitter Regulation Marketing

Latest Blog

Google is the standard for online searches. It seems to be as simple as can be. Think of a question, type it in, get an answer. However, not many people likely know just how specific you can make these Google searches with just a few details. Let’s go over how to use Google ...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...