EasyList Forum

https://www.bleepingcomputer.com/news/security/chrome-adds-warning-for-when-extensions-take-over-your-internet-connection/

This is nice especially the notice for New Tab. I remember using Chrome for the first time and not realizing the New Tab wasn't the one of Chrome (was changed by an adware).

When it comes to extensions, only install those from the devs you trust like gorhill. Most of them tend to either collect data via GA or bundle a crypto miner or simply put adware to further their own agenda. That's the rule of thumb I go by.

Yes, this was a long time ago though

Can't know what extension is going to harm you even if you go by the rating on Chrome Webstore I recently discovered that most ratings and reviews are faked. Should only go with what you yourself trust.

I didn't mean the ratings, obviously they can't be trusted anymore. There's another way of checking an extension's true motives via a file titled "manifest.json" which is mandatory for all Chrome extensions and can be located in the installation folder of every chrome extension. Open that and see what directives are listed there along with which JSes are being instructed to load.

[mention]-Mark-[/mention] directives as in?

Also what would be the point of checking after installing the extension? If there was harm to be done it could be done as soon the extension installs. Anyway to check the manifest before installing the extension?

Edit: This seems like a good way to get the extension crx and check that before installation http://crxextractor.com/.

Also what would be the point of checking after installing the extension? If there was harm to be done it could be done as soon the extension installs.

No extension can cause harm right after installation, it needs to gather data first based on your browsing activity and that takes time, what you're suggesting would be a virus and such extensions don't make it in the approval queue itself. You can't check before because without installation your client won't download the extension itself and manifest.json is inside the extension package. You can manually download the extension if you want from third-party sites, that would be the only way if you want to do it before.

-Mark- wrote: ↑Thu Nov 09, 2017 12:38 pm No extension can cause harm right after installation

You know the extensions that hijack your new tab and homepage plus additional settings. They do the harm right after installation and these do make it to the Webstore as I have myself seen.

Yeah those ones troll you but it's not permanent as you're able to remove them via the extensions page and you can easily distinguish them even before you add them, so no that's not what I meant by harm.