1
00:00:00,000 --> 00:00:05,040
One of the most useful things about modern web browsers is their support for extensions,

2
00:00:05,040 --> 00:00:12,880
whether it's automatically finding coupon codes, it's not coupon, it's coupon, cleaning up your experience on social media,

3
00:00:12,880 --> 00:00:17,040
automatically filling in passwords, or blocking ads and cutting into our revenue.

4
00:00:17,840 --> 00:00:22,400
There's a ton of extensions out there that can make your life a little bit better.

5
00:00:22,400 --> 00:00:26,480
But with so many extensions floating around and trying to get you to install them,

6
00:00:26,560 --> 00:00:32,080
security is a legitimate concern, especially since many extensions aren't exactly from

7
00:00:32,080 --> 00:00:36,560
big-name developers that you would immediately recognize and know whether or not to trust.

8
00:00:37,280 --> 00:00:42,720
So to address this, Google uses security vetting for extensions with both manual human review

9
00:00:42,720 --> 00:00:48,240
and automated methods based on algorithms, similar to how smartphone apps from the Play Store have

10
00:00:48,240 --> 00:00:54,640
to be approved before they're available for public download. But with over 180,000 extensions

11
00:00:54,640 --> 00:01:01,040
currently available through the Chrome Web Store, certain poorly and maliciously coded extensions

12
00:01:01,040 --> 00:01:06,720
slip through the vetting process from time to time. Again, LOL, just like the apps.

13
00:01:06,720 --> 00:01:10,320
Attackers who want to use extensions to steal information know this,

14
00:01:10,320 --> 00:01:15,600
and in fact, back in 2018, Google announced that it was going to beef up its review practices

15
00:01:15,600 --> 00:01:21,120
after it was found that one in ten submissions to the Web Store contained malicious code.

16
00:01:21,120 --> 00:01:27,040
The idea was that Google would make its approval process more stringent by cracking down on obfuscated

17
00:01:27,040 --> 00:01:31,680
code. In other words, when developers made the code deliberately hard to understand,

18
00:01:31,680 --> 00:01:37,520
possibly to hide some sort of seedy functionality. Google also reined in how many permissions

19
00:01:37,520 --> 00:01:42,320
extensions were granted by default in an attempt to prevent them from reading or modifying user

20
00:01:42,320 --> 00:01:49,840
information in a surreptitious manner. However, the Web Store still has problems. In June 2020,

21
00:01:49,840 --> 00:01:54,720
it came out that one particular form of spyware that hid in browser extensions had been downloaded

22
00:01:54,720 --> 00:02:00,560
nearly 33 million times. That's almost one download for every person here in Canada.

23
00:02:01,200 --> 00:02:07,200
These extensions secretly contained keyloggers and other code that harvested login credentials,

24
00:02:07,200 --> 00:02:12,960
as well as information copied to the Windows clipboard. And ironically, many of these extensions

25
00:02:12,960 --> 00:02:16,800
claimed to give users a heads up when they were visiting risky websites.

26
00:02:17,520 --> 00:02:22,720
Others masqueraded as file converters, and it can indeed be tricky to convert from one file

27
00:02:22,720 --> 00:02:27,840
format to another, so it's easy to understand the appeal. So what can you do to protect yourself

28
00:02:27,840 --> 00:02:34,160
when you're hunting for a useful extension? Number one is to keep in mind that most of those 180,000

29
00:02:34,160 --> 00:02:41,040
plus extensions have very small user bases. In fact, over 85% of extensions have fewer than

30
00:02:41,120 --> 00:02:48,080
1000 installs worldwide. And it's far more likely that compromised extensions will be part of this

31
00:02:48,080 --> 00:02:53,200
mass with very small user bases to pick through them and monitor them and figure out if there's

32
00:02:53,200 --> 00:02:58,000
something wrong. So if you're trying to pick between several extensions that all appear to offer

33
00:02:58,000 --> 00:03:03,040
very similar functionality, it's not a bad idea to stick with the ones that have lots of positive

34
00:03:03,040 --> 00:03:09,440
reviews as a quick way to avoid problems. Another sound strategy is to limit your exposure by asking

35
00:03:09,520 --> 00:03:14,400
yourself whether you really need a particular extension in the first place. Like don't get me

36
00:03:14,400 --> 00:03:20,560
wrong, some extensions that manage your tabs or give added functionality to specific websites

37
00:03:20,560 --> 00:03:26,880
are extremely useful and can't really be replicated. But if you just want to be served inspiring quotes

38
00:03:26,880 --> 00:03:32,880
or get reminders or convert files like we mentioned before, those are things that can all be

39
00:03:32,880 --> 00:03:37,840
accomplished through just browsing the web or using a program that you can download to your

40
00:03:37,840 --> 00:03:42,400
computer. Again, please make sure you find a reputable one. Additionally, be sure to have a good

41
00:03:42,400 --> 00:03:47,680
hard look at the extension's page before you download it. Extensions that are really just vehicles

42
00:03:47,680 --> 00:03:52,080
for malware can often have clunky-looking interfaces and poorly written descriptions

43
00:03:52,080 --> 00:03:57,520
riddled with grammatical errors, similar to what you might see in a spam email or on a phishing page.

44
00:03:57,520 --> 00:04:02,160
Now, of course, we expect Google to improve its vetting procedures, especially because it's kind

45
00:04:02,160 --> 00:04:06,000
of a bummer that we're going to lose some of those diamonds in the rough if we say,

46
00:04:06,000 --> 00:04:12,000
hey, just make sure you only install mainstream extensions. But sometimes in life, you've just

47
00:04:12,000 --> 00:04:16,800
got to put your own safety first, lest you end up like that poor fellow who lost over 100 grand

48
00:04:16,800 --> 00:04:22,320
worth of Bitcoin thanks to a shady crypto client extension. Maybe I should just go back to stuffing

49
00:04:22,320 --> 00:04:28,160
all my cash into my mattress. It's very comfortable. Thanks for watching, guys. Like, dislike,

50
00:04:28,160 --> 00:04:32,160
check out our other videos, or leave a comment if you have a video suggestion for something you'd

51
00:04:32,160 --> 00:04:36,480
like to see here on TechWiki. If you haven't already subscribed, make sure you do that,

52
00:04:36,480 --> 00:04:39,280
because otherwise ants are going to bite you.
