It Can Read and Change All Your Data
Many extensions in the Chrome Spider web Store want to "read and change all your data on the websites yous visit". That sounds a footling unsafe—and it can be—merely many extensions just demand that permission to do their jobs.
Chrome Has a Permission System, Only Firefox and Internet Explorer Don't
Note: This piece was originally written in 2017. Since and so, Mozilla Firefox and Microsoft Edge have gained permission systems.
This may seem alarming, particularly coming from something similar Firefox. But y'all simply see this warning considering Chrome has a permission organization for its extensions, while Firefox and Internet Explorer don't. Every Firefox and Internet Explorer extension has total access to the entire browser, and can exercise anything it wants.
For example, when you install the Tampermonkey add-on in Firefox, you lot won't see a permission warning at all. But that add-on gains access to your unabridged Firefox browser.
Unlike extensions for these other browsers, though, Chrome extensions must declare the permissions they need. When you install an extension, you'll see a list of the permissions it requires and you can make an informed determination almost whether to install the extension. It's a bit like the permissions system congenital into Android.
To use the same case, when you install the Tampermonkey extension for Chrome, you'll see information nigh the permissions the extension requires.
Very simple extensions don't actually crave whatsoever permissions. For example, the official Google Hangouts extension just provides a toolbar icon you can click to open a Google Hangouts chat window. Install it, and you lot won't exist warned near any special permissions it requires.
Why Extensions Need Permission to "Read and Change All Your Data"
Endeavor to install nearly extensions, yet, and y'all'll be warned well-nigh the permissions they require. The near scary looking i is probably "Read and change all your data on the websites you lot visit". This means that the extension can view every web page you visit, alter those web pages, and even send data about that over the web.
For example, Google offers a Save to Google Drive extension that allows you to right-click on whatsoever web page or link and relieve that page to your Google Drive. The extension requires the ability to "Read and alter all your information on the websites you visit". Merely it needs this permission because, when you try to salve content, the extension must exist able to access the current spider web page and view its data.
Extensions that need to interact with web pages will almost e'er require the "Read and change all your data on the websites you visit" permission. That's why the Google Hangouts extension doesn't inquire for this permission: Information technology has no features that interact with an open web page in your browser.
Click effectually and y'all'll rapidly realize that nigh browser extensions offer features that interact with the electric current spider web page, from password managers that need to fill passwords to dictionary extensions that need to define words. That's why this permission is so common.
Extensions that only work on a single website may only crave the ability to "Read and modify your data" on a specific website. For example, the official Google Mail Checker extension requires the permission to "Read and change your data on all google.com sites".
Sure, this level of access would allow an extension capture your passwords and credit card numbers or insert additional advertisements into web pages. Merely Google doesn't know whether an extension will utilise its permissions for skillful or evil. Many popular and legitimate extensions crave this permission, as at that place's no other way they can interact with open web pages.
But, it the permission alarm makes you recollect twice before installing an extension y'all're not sure about, that'south good. That's why it's there—it'south a reminder of how much access y'all're providing to your personal data whenever you install a browser extension.
Some Extensions Have Even Broader Permissions
Extensions can asking quite a few other permissions, too. For example, the AVG Web TuneUp extension installed every bit part of the AVG antivirus requires the permission to read and change all your data on the websites you visit, read and change your browsing history, alter your home folio, change your search settings, modify your start page, manage your downloads, manage your apps, extensions, and themes, and communicate with cooperating native applications on your computer.
RELATED: Don't Utilise Your Antivirus' Browser Extensions: They Can Actually Make You Less Safe
We don't recommend using your antivirus'southward browser extensions, and Chrome'south permissions system does a adept task of showing why in this case. This extension is very invasive and requires admission to almost every part of your browser. The permissions window helps warn y'all of the permissions you lot'll be granting, and so you can make an informed decision.
Fifty-fifty the scariest browser extension doesn't have equally much access to your estimator as a desktop program would, though. Normal Windows applications accept access to your keystrokes and files, including your web browsers. That's why yous shouldn't run a desktop application you don't trust, simply as you shouldn't install a browser extension you don't trust.
Which Browser Extensions Should You Trust?
If you're giving an extension access to all the websites you visit, that extension could potentially capture your online banking passwords and credit bill of fare numbers or insert ads in the pages you view. It's just as dangerous for your web browsing information as installing a desktop plan, so you should treat the conclusion only as carefully.
In theory, browser extensions available in the Chrome Web Store, Mozilla Add together-ons website, and Windows Store are monitored by Google, Mozilla, and Microsoft, respectively. The company in accuse of the shop can remove an add-on from the store if it's doing something bad.
In reality, though, browser makers don't test every extension—or every update to a legitimate extension—to confirm it's safety. A browser maker will ofttimes only go around to removing an extension afterward it's caused problems for many people who have it installed.
If the extension requires quite a few permissions, you'll have to evaluate it like you would a desktop program. If the extension is created by a visitor you trust—similar the many extensions created by companies like Google, Microsoft, Twitter, Facebook—y'all know it's probable safe. If the extension was created by someone you don't know, exist more than careful. If the extension is established and has a large number of users, expert feedback in the store, and positive reviews on other websites, that'due south a expert sign. If it has mixed feedback or much fewer users, that's a bad sign.
If you lot're always in doubt, don't install that extension. Information technology'south best to use as few extensions as possible to go on your browser fast, anyway.
More browsers are adding permission systems, however. Microsoft Edge uses Chrome-style extensions and will warn you about the permissions the extensions crave. Firefox will also move to Chrome-style extensions in the future.
blossevillecoutiek.blogspot.com
Source: https://www.howtogeek.com/291095/why-do-chrome-extensions-need-all-your-data-on-the-websites-you-visit/