Chrome extensions are enormously popular because of the fact that this is the sort of thing that could potentially end up allowing you to obtain a superior user experience. However, Oren Koren, best known as the co-founder of a cybersecurity firm named Veriti, claims that we should all delete every single extension that we might have on Chrome.
It turns out that practically ever Chrome extension out there utilizes the notorious API known as chrome.webRequest, courtesy of CRXcavator. With all of that having been said and now out of the way, it is important to note that this API gives extensions the ability to monitor each and every thing that you end up doing online.
It’s not just the extension that is being used at that precise point that is the problem, either. Even if it is safe, issues in the supply chain could put the whole thing at risk with all things having been considered and taken into account. There are five main types of data that the use of this API can allow extensions to obtain access to without users realizing what is truly going on.
Firstly, browsing data will become a great deal easier to intercept than might have been the case otherwise. Encrypted browsing data is a whole separate category, since despite the encryption this API gives extensions complete access to it. Thirdly, log in credentials could end up getting exposed, and malicious actors may even be able to get unauthorized access to your files.
Also, various sensitive file paths that only you should have knowledge of could potentially be disclosed, as would the internal resources surrounding them. Finally, organizations that use web services could get severely compromised if even one system on their network has a Chrome extension that grants access to this API.
Ad blockers are perhaps the most prevalent types of Chrome extensions, but hackers can break into them and get all of the data they would ever need. The risks are far too dire, which is why this cybersecurity expert recommends that you avoid using Chrome extensions unless they are absolutely necessary for you.
Read next: New Alert Issued As AI Can Now Decode Users’ Keystrokes While Typing Sensitive Data During Calls
It turns out that practically ever Chrome extension out there utilizes the notorious API known as chrome.webRequest, courtesy of CRXcavator. With all of that having been said and now out of the way, it is important to note that this API gives extensions the ability to monitor each and every thing that you end up doing online.
It’s not just the extension that is being used at that precise point that is the problem, either. Even if it is safe, issues in the supply chain could put the whole thing at risk with all things having been considered and taken into account. There are five main types of data that the use of this API can allow extensions to obtain access to without users realizing what is truly going on.
Firstly, browsing data will become a great deal easier to intercept than might have been the case otherwise. Encrypted browsing data is a whole separate category, since despite the encryption this API gives extensions complete access to it. Thirdly, log in credentials could end up getting exposed, and malicious actors may even be able to get unauthorized access to your files.
Also, various sensitive file paths that only you should have knowledge of could potentially be disclosed, as would the internal resources surrounding them. Finally, organizations that use web services could get severely compromised if even one system on their network has a Chrome extension that grants access to this API.
Ad blockers are perhaps the most prevalent types of Chrome extensions, but hackers can break into them and get all of the data they would ever need. The risks are far too dire, which is why this cybersecurity expert recommends that you avoid using Chrome extensions unless they are absolutely necessary for you.
Read next: New Alert Issued As AI Can Now Decode Users’ Keystrokes While Typing Sensitive Data During Calls
