Malicious Chrome Extensions

Chrome Extensions installed via the Chrome Web Store undergo basic security testing before they are approved for public listing. This review process includes both automated and human-conducted tests to ensure that each extension is safe and respects users' privacy. Unfortunately, the review process is not perfect, and there have been several instances of malicious Chrome Extensions slipping through the cracks.

To Google's credit, they have been hard at work restricting Chrome Extension capabilities that were often exploited to weaponize extensions, such as the ability to load external JavaScript from a location that cannot be inspected by Google.

Locating Potentially Malicious Chrome Extensions

If you feel that you might have a malicious Chrome Extension installed on your machine, you can take the following steps to view and remove any installed extension. One of the key advantages of ChromeOS is that all malicious code would be confined to the extension, so once a malicious Chrome Extension is removed, no further action would be needed to neutralize the threat.

1) Open the Chrome Extension Manager by entering the following URL into the Chrome address bar:

chrome://extensions

2) Examine the list of installed Chrome Extensions and remove any extension that you suspect is malicious or that you no longer need. If you suspect that a Chrome Extension may be malicious, you will have the option to report the extension, which will prompt a review by the Chrome Web Store Security Team.
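
The check below is an added example, not code from the original page or from Google: given an extension's parsed manifest.json, it reports whether the declared content security policy lets extension pages load JavaScript from outside the package, the capability described earlier. The function names and the sample manifests are constructed for illustration.

```javascript
// Added example. Sample manifests are constructed for illustration.

// Return the CSP string that applies to extension pages, or null if none is declared.
function extensionPageCsp(manifest) {
  const csp = manifest.content_security_policy;
  if (typeof csp === "string") return csp; // string form (Manifest V2)
  if (csp && typeof csp.extension_pages === "string") return csp.extension_pages; // object form (Manifest V3)
  return null;
}

// Parse a CSP string into { directive: [source, ...] }.
function parseCsp(csp) {
  const directives = Object.create(null);
  for (const part of csp.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in directives)) directives[name] = tokens.slice(1); // first occurrence wins
  }
  return directives;
}

// Schemes that resolve inside the browser or the extension package, not to a remote host.
const LOCAL_SCHEMES = /^(blob:|data:|filesystem:|chrome-extension:)/i;

// List script sources that point outside the extension package.
function remoteScriptSources(manifest) {
  const csp = extensionPageCsp(manifest);
  if (csp === null) return [];
  const directives = parseCsp(csp);
  const sources = directives["script-src"] || directives["default-src"] || [];
  // Keywords, nonces and hashes are quoted; unquoted tokens are host or scheme sources.
  return sources.filter((s) => !s.startsWith("'") && !LOCAL_SCHEMES.test(s));
}

// Summarise one manifest for review.
function triage(manifest) {
  const remote = remoteScriptSources(manifest);
  return { name: manifest.name, manifestVersion: manifest.manifest_version,
           remoteScriptSources: remote, needsReview: remote.length > 0 };
}

const SAMPLE_MANIFESTS = [
  { name: "Constructed A", manifest_version: 2,
    content_security_policy: "script-src 'self' https://cdn.example.com; object-src 'self'" },
  { name: "Constructed B", manifest_version: 3,
    content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" } },
  { name: "Constructed C", manifest_version: 2 },
];

for (const m of SAMPLE_MANIFESTS) console.log(JSON.stringify(triage(m)));
```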