ChromeStats shows a risk score for each extension, allowing you to quickly determine the relative risk of an extension before installing it. With risk break-down analysis, we will also tell you how we determine the risk level of an extension.
Risk score is available for all users, while risk break-down analysis is only available to premium members.
We determine the riskiness of an extension based on the permissions that it is requesting. We also examine its source codes for known malicious codes. We also check its reviews for fake bot reviews. If an extension publisher is a well-known corporation though, then we will give some credibility to it.
Extension risks are being reevaluated twice a day, and we are continuously refining our algorithms to spot malicious extensions more accurately and quickly.
An extension might be classified as high risk if it requests some dangerous permissions. However, this does not necessarily mean that the extension is malicious. They may simply need those permissions in order for the extension to work. There are a number of widely used extensions out there that might be classified as high risk but are not malicious at all.
However, there are organizations out there that are actively reaching out to extension developers to establish partnerships or purchase existing extensions. While some extensions may be safe to use today, there is no guarantee that they will be safe in the future. A high risk extension, when turned malicious, can do significantly more damage than a low risk extension, often time without the user noticing at all.