Malware-Addled Chrome Web Store to “Warn About Malware”.
Chrome’s extension store crawls with malware.
If you install any significant number of extensions from the store, then you will eventually have malware.
One of the more common ways to get malware from Chrome’s extension store is when a “good extension goes bad”. Extensions with many users are worth a lot of money to hijackers. Quite often they’ll pay the developer off, push out an update to the users, quietly, with the malicious payload, and then sit pretty on a fat stack of dirty money before Google gives them the boot.
Since it’s not difficult to push malicious extensions, hijack existing ones, and make new developer accounts (for five whole dollars), the malware problem with Chrome extensions probably won’t subside any time soon.
But Google claims that they’re going to run “malware scans” or something, which have never cleaned up Windows, so good luck with that I guess. This “we’ll just keep an eye on it for you with a scanner while you do loads of stupid things” “Windows-style” “security” has literally never worked, at least not reliably.
I don’t typically install extensions, and when I do they’re usually more established and open source, into my Gecko browsers (SeaMonkey, LibreWolf, Firefox ESR), and when it’s open source you can have eyes on the extension.
Google’s Chrome extension store STILL won’t even tell you which license you are agreeing to, so you are giving the author a blank check each time you install one.
Meanwhile, Google is putting much effort into crippling the extensions platform so that ad blockers and NoScript don’t work well or can’t even be made to work at all, or their own ads get a pass.
Chrome is a malicious program.
It’s basically a Trojan horse (something that appears desirable, but in fact comes packed with things you wouldn’t accept if you knew it was being done).
It’s a disaster for your privacy and security. If you’re smart, you’ll never put it on your computer. ⬆