Friday, May 30, 2025
Latest:
ZDNet | Security

Is that extension safe? This free tool lets you know before you install

TH Author
laptop with caution symbol

Just_Super/Getty Images

I try out a lot of extensions in Firefox, Chrome, and Edge, both personally and professionally. But when I’m faced with an unfamiliar extension, how do I know it’s safe and secure? A new website aims to warn you about suspicious and malicious extensions before you even try to install them.

Also: 5 browser extension rules to live by to keep your system safe in 2025

Launched by browser security provider LayerX, the free ExtensionPedia seeks to help individuals and enterprises alike by identifying risky browser extensions. This online database evaluates the security of more than 200,000 extensions across Chrome, Firefox, and Edge.

Yes, browser makers do try to vet extensions before they pop up in each respective store, including the Chrome Web Store, Firefox Add-ons and Edge Add-ons. But sometimes a malicious extension can sneak past security, especially one that mimics a legitimate program.

Also: I found a malicious Chrome extension on my system – here’s how and what I did next

User ratings and reviews can also help determine whether an extension is valid and reliable. But even those may not reveal the risks and vulnerabilities a particular extension might carry.

An extra layer of information

ExtensionPedia provides an extra layer of information by pointing out which extensions are safe, risky, or malicious. The site rates each extension with a risk score and a risk level. In general, the lower the ratings, the safer the extension. You can browse listings for many popular extensions or search for a specific one by name.

As examples, ChatGPT Search earns a risk score of 1 out of 10, LastPass 2.1 out of 10, and Grammarly 1.2 out of 10. However, the risk score tells only part of the story. LastPass is cited for the permissions it requires and the vulnerabilities that could be exploited, two of which are rated critical. Grammarly also requests certain permissions and has two critical vulnerabilities.

Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more

Other extensions receive much higher risk scores. Stealthy, a Chrome extension with 100,000 users and 1,600 ratings, earns a risk score of 7.4, while Edge extension Bulk Image Downloader, with more than 100,000 users but no reviews, takes a risk score of 8. Further details round out the picture.

Stealthy gets one ding for permissions. Here, ExtensionPedia explains that this extension’s proxy permission could affect how your internet traffic is routed, opening the door for man-in-the-middle (MITM) attacks. Bulk Image Downloader receives five dings for permissions, with one critical vulnerability, one high, two medium, and one low.

Bulk Image Downloader ExtensionPedia page

LayerX

The bottom line

You’ll want to look at all the information provided for each extension, including the risk score, the reputation risk, and the permission scope.

The analysis is based on anonymous data taken from millions of browser sessions using the LayerX platform. The page for each extension also includes its store, category, last update, store link, developer, version, store rating, and number of ratings.

Also: The best secure browsers for privacy in 2025: Expert tested

“While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users’ identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover, and data theft,” LayerX co-founder and CEO Or Eshed said in a press release. “When someone installs a browser extension – either for personal or work — users and their organizations have no idea what permissions each extension has, how reputable the extension author is, and the risk profile of the extension.”

Get the morning’s top stories in your inbox each day with our Tech Today newsletter.

READ MORE HERE