Risk analysis

What is the Chrome-Stats risk analysis?

Chrome-Stats evaluates and shows the risk analysis for each extension, allowing you to quickly determine the relative risk of an extension before installing it.

What is Risk Impact?

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harm, whereas a high risk impact extension can do a lot of damage, such as stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

Here are the different risk impact categories:

  • [0] Very low risk impact: Extension is safe to use. It does not request any sensitive permissions.

  • [1] Low risk impact: Extension is relatively safe to use as it requires only minimal permissions.

  • [2] Moderate risk impact: Extension may not be safe to use and it requires some risky permissions. Exercise caution when installing the extension. Review carefully before installing.

  • [3] High risk impact: Extension is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing the extension. Review carefully before installing. We recommend that you only install the extension if you trust the publisher.

  • [4] Very high risk impact: Extension is very risky to use and it requires a lot of sensitive permissions. Avoid installing the extension unless you absolutely trust this publisher.
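
To make the idea of permission-driven risk impact concrete, here is an added example (not Chrome-Stats' code or scoring) that rates a parsed manifest.json on the same 0 to 4 scale. The permission tiers, point weights and cut-offs are assumptions chosen for illustration, and the sample manifests are constructed.

```python
import json

# Assumed weights and thresholds for illustration; not Chrome-Stats' scoring.
HIGH = {"debugger", "proxy", "nativeMessaging", "webRequest", "cookies",
        "management", "privacy", "contentSettings"}           # 3 points each
MEDIUM = {"tabs", "history", "downloads", "bookmarks", "clipboardRead",
          "scripting", "webNavigation"}                        # 1 point each
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
LABELS = ["Very low", "Low", "Moderate", "High", "Very high"]

def risk_impact(manifest):
    """Return (level 0-4, reasons) for a parsed manifest.json dict."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    # Manifest V3 lists hosts separately; V2 mixes them into "permissions".
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))

    score, reasons = 0, []
    for p in sorted(perms & HIGH):
        score += 3
        reasons.append(f"high-impact API permission: {p}")
    for p in sorted(perms & MEDIUM):
        score += 1
        reasons.append(f"sensitive API permission: {p}")
    if hosts & BROAD_HOSTS:
        score += 4
        reasons.append("host access to every site")
    elif hosts:
        score += 1
        reasons.append(f"host access limited to {len(hosts)} pattern(s)")
    level = sum(score >= t for t in (1, 3, 5, 8))  # assumed cut-offs
    return level, reasons

# Constructed sample manifests (not taken from real extensions).
SAMPLES = {
    "notes": '{"manifest_version": 3, "permissions": ["storage", "alarms"]}',
    "single-site": '{"manifest_version": 3, "permissions": ["activeTab"],'
                   ' "host_permissions": ["https://example.com/*"]}',
    "content-blocker": '{"manifest_version": 2, "permissions":'
                       ' ["webRequest", "tabs", "storage", "<all_urls>"]}',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        level, reasons = risk_impact(json.loads(raw))
        print(f"{name}: [{level}] {LABELS[level]} risk impact", reasons)
```

The reasons list is the part worth reading before installing: it shows which specific permissions pushed the rating up, so you can judge whether the extension's stated purpose actually needs them.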

What is Risk Likelihood?

Risk likelihood measures the probability that an extension may turn malicious. This is determined by the publisher and the extension reputation on the Chrome Web Store, the amount of time the extension has been around, and other signals about the extension.

AdBlock, for example, has a very high risk impact due to the number of permissions it requests, but it has a very low risk likelihood because it is so widely used and has been around for a long time with a very positive reputation.

Here are the different risk likelihood categories:

  • [0] Very low risk likelihood: Extension has earned a good reputation and can be trusted.

  • [1] Low risk likelihood: Extension has earned a fairly good reputation and likely can be trusted.

  • [2] Moderate risk likelihood: Extension is probably trustworthy. Prefer other publishers if available. Exercise caution when installing this

  • [3] High risk likelihood: Extension may not be trustworthy. Avoid installing if possible unless you really trust this publisher.

  • [4] Very high risk likelihood: Extension is very likely to contain malware and should not be trusted. Avoid installing.

Should I install high risk extensions?

An extension might be classified as high risk impact if it requests some dangerous permissions. However, this does not necessarily mean that the extension is malicious. It may simply need those permissions in order to work. There are a number of widely used extensions out there that might be classified as high risk but are not malicious at all.

However, there are organizations out there that are actively reaching out to extension developers to establish partnerships or purchase existing extensions. While some extensions may be safe to use today, there is no guarantee that they will be safe in the future. A high risk impact extension, when turned malicious, can do significantly more damage than a low risk extension, often without the user noticing at all.

Extensions with low risk likelihood may be less likely to turn malicious, but this is not an absolute guarantee. An extension may be sold to, or hacked by, malicious developers, turning it into malware that can, among other things, inject ads, steal your data, or change your search engine.
