It sounds counterintuitive, but hear me out. If you’re looking for a new browser extension to try, or you want to download one that has been recommended to you, stop using the Chrome Web Store to look for it.
While I have the utmost confidence that you, a tech-savvy Lifehacker reader, won’t get suckered by scam extensions on the Chrome Web Store, AdGuard recently reported that 300 or so rogue extensions were responsible for suckering nearly 80 million Chrome users (minus any bots).
While a number of these extensions were your typical “crappy-sounding extensions that anyone with a brain should avoid,” there were plenty that were close enough to a reasonable-sounding extension to cause issues. For example:
- Ad-block for YouTube
- Adblocker for YouTube
- AdBlock — Stop Ad on every Site
These were all bogus listings that have since been removed from the Chrome Web Store, but only because AdGuard was able to get Google’s attention. Until that point, these extension scams racked up millions of total users since whenever they launched. And none of the extensions in that list, for the record, were legitimate—the extension that you’d want is “Adblock for Youtube,” by AdRemover, but how is a regular person expected to know that?
It feels like we write this sort of story with alarming frequency. To me, that indicates that Chrome has a reasonably sized problem on its hands within the Chrome Web Store. It feels a bit like the Wild West, where seemingly anyone can upload an extension that’s either a malware-laden clone of another one, or just the slightest bit different so as not to make Google suspect there is something up.
Obviously, though, when “Adblocker,” “Ad-block,” and “Adblock” all have similar descriptions and icons, something is clearly up. But if you’re not very tech-savvy, again, how do you separate the malware from the must-have extensions?
AdGuard does a great job summarizing the guidance we’d typically offer:
- “If you’re going to install a browser extension, think again. Maybe you don’t really need it?
- Install extensions only from the developers you trust.
- Don’t believe what you read in the extension’s description.
- Reading the users’ reviews won’t help as well. Most of the malicious extensions have excellent reviews and yet they are malicious.”
And I’m pleased to see that their final point echoes what I’ve been thinking lately:
- Don’t use the Chrome Web Store internal search, follow the links on the trusted developers’ websites directly.
It feels a little weird to say that a Google entity, of all things, isn’t that trustworthy when it comes to search (and instead of using it, you should just use…Google). I wouldn’t recommend regular people use the Chrome Web Store to find anything they didn’t already know about; even then, the chance of getting caught with malware is still too great.
I mean, shoot, I just ran a simple search for “block ads,” like any normal person might, and the results all seem a little sketchy.
Don’t install from the Chrome Web Store unless you are absolutely sure that what you’re installing is a legitimate extension. To make sure you’re not tempted or fooled by any other crappy extensions, find an extension’s original developer—a website, a GitHub, a Twitter account, whatever—or a reviews site that you trust, and use the links they provide to grab your extensions from Google. You’ll be that much safer for it.