New Free Tool Scans for Chrome Extension Safety (Beta)
From the Duo Security Web Site:
To provide users and IT teams with actionable intelligence about Chrome extensions, Duo Labs is excited to announce the public beta of CRXcavator (rhymes with “excavator”), a free service that analyzes Chrome extensions and produces comprehensive security reports.
The Chrome extension permission model asks the user to approve permissions, and people will often grant permissions to extensions without much consideration.
Even if a security team has approved an extension, its functionality can change over time, often without notice. One scenario where this applies is if a malicious third party were to gain control of the extension, perhaps by buying it from the developer or compromising the developer’s account. The third party could add malicious code and push the new version out to existing users without triggering another security review. Manually reviewing every update to extensions allowed in an organization’s domain is not feasible for most security teams.
Direct to CRXcavator
Hat Tip: Dark Reading
About Gary Price
Gary Price (firstname.lastname@example.org) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com.