Some browser extensions have been found stealing and leaking private data, and might even be putting the data up for sale. This article is written to help netizens know if a browser extension is safe or should not be used.

Cookies and email trackers aren’t the only things people have to worry about on the internet. A recent DataSpii report revealed that some browser extensions, innocent-looking as they may be, have been caught stealing private and sensitive user data that their makers can sell to interested parties.

In light of this recent worrying report, Lifehacker wrote an article about how to know if a Chrome extension is safe. The International Business Times decided to expand that article. Here’s what internet users can do to know if their Chrome extensions are safe for use, shouldn’t be installed or should be removed without delay.

How to know if a browser extension is safe

As indicated in the DataSpii report, not all browser extensions are bad. There are extensions that can actually be used to check if certain extensions shouldn’t be used for privacy and security purposes. One of these is Chrome Extension Source Viewer, a lightweight tool that can detect potentially malicious extensions that can do things like execute remote codes.

Remote code execution, according to Tech Target, is “the ability an attacker has to access someone else's computing device and make changes” regardless of location.

Internet users will be able to know if an extension can be used to do this using the Chrome Extension Source Viewer. Here’s how:

Step 1: Add Chrome Extension Source Viewer to Chrome.

Step 2: Go to a suspected extension’s Chrome Web Store page, then click on the “CRX” button on the top right side of the screen. It’s located next to the URL bar.

Step 3: Click on “View Source”.

Step 4: Wait for the page to load, then locate the file named “manifest.json” on the left side of the screen. Click on it.

Step 5: Press Ctrl+F and type “unsafe-eval”. The presence of “unsafe-eval” on the extension’s source code indicates that the extension can be used to execute source code.

Alternatively, those who wouldn’t want to install the Chrome Extension Source Viewer tool can do the following:

Step 1: Go to https://robwu.nl/crxviewer/

Step 2: Go to a suspected extension’s Chrome Web Store page, copy its URL, then paste it on the box indicated on the CRX Viewer website.

Step 3: Follow Steps 4 and 5 above.

Google Chrome At a recent competition held in Chengdu, China, hackers showed vulnerabilities that allowed them to easily break into Google Chrome, Microsoft Edge, and Safari browsers. Photo: Simon/Pixabay