Google Chrome can now warn you before you install untrusted extensions
It’s difficult if not impossible to totally prevent your data from ever leaking online, so the best thing you can do is take steps to mitigate damage and avoid as much exposure to attackers as possible. Being careful about what websites you visit, what apps you install, and what passwords you use are all steps you can take to protect your data, but knowing what’s safe to use is not obvious to everyone. That’s why Google Chrome offers a feature called “enhanced safe browsing” which proactively warns and protects users from dangerous websites or downloads. Starting today, the feature will also warn users when they try to install an untrusted browser extension.
With the release of Chrome 83 last year, Google launched “enhanced safe browsing” to give users more proactive and tailored protection from web-based threats. “Enhanced safe browsing” later came to Android with the release of Google Chrome 86 late last year.
When the feature is enabled, Google Safe Browsing checks the websites you visit and the files you download against its online database to determine if they’re dangerous. It also warns you if any passwords you’ve saved to Google Chrome have been exposed in a data breach, and it also automatically disables any installed extensions that Google has deemed malicious.
According to Google, users who enabled “enhanced safe browsing” are successfully phished 35% less often than other users. Google says that the number of malicious extensions that Chrome disabled in 2020 grew by 81%. Now, to give “enhanced safe browsing” users peace of mind when installing a browser extension from the Chrome Web Store, Google Chrome will show a dialog informing them if the extension is trusted. Google says that developers who follow the Chrome Web Store Developer Program Policies will have their extensions trusted by “enhanced safe browsing,” but it could take months for extensions to be trusted from new developers. Currently, 75% of all extensions on the Chrome Web Store are compliant, but Google expects that number to grow.
Another new feature coming to “enhanced safe browsing” is the ability to send a potentially dangerous file to Google Safe Browsing for analysis. Chrome will currently block files from being downloaded if Google Safe Browsing thinks they’re clearly unsafe, but for those files it deems are potentially risky, users will instead be given a warning and an option to upload the file for a more in-depth analysis. Chrome’s first-level check uses metadata about the downloaded file, while this more in-depth analysis uses “static and dynamic analysis classifiers in real time”. “After a short wait”, Google says, Chrome will display a warning “if Safe Browsing determines the file is unsafe.” However, users can still bypass the warning if they trust the download.
These changes to “enhanced safe browsing” are arriving as part of the Chrome 91 update which started rolling out to users last week. Users can enable “enhanced safe browsing” in Chrome settings as follows:
- On PC: Settings > Privacy and security > Security
- On Android: Settings > Privacy and security > Safe Browsing