Chrome Protector notifies you if you are running malicious extensions



Most Internet users do not expect that extensions that they install from official repositories can contain malicious code, either directly upon installation, or later on when they are updated.

Usually, that code is used for monetization purposes and not for the distribution of malware or other malicious activities.

News made the rounds recently that companies in this trade approach extension developers to acquire their extensions. If the developer agrees, ownership of the extension changes hands for hundreds if not thousands of dollars.

Some time later, the very same extension is updated by the new owner with new code that may track users when they browse the Internet, inject ads on web pages, or add so-called affiliate links to pages.

This usually happens automatically and without notification. Since it is unlikely that many users of the extension would agree to being tracked, or to the extension displaying ads or planting affiliate links on websites, these new monetization options are usually opt-out, meaning they are turned on by default.

I have described previously how you can protect yourself from these extensions in Firefox and Chrome.

The new Chrome Protector extension for Google Chrome has been created in response to the recent news. It currently checks the installed extensions and will inform you if a malicious extension has been found.

How is that done? Currently by a blacklist. It is regularly updated based on user reports, the author's own research, and alerts posted on Reddit.

The author seems to have plans though to expand on this later on in development, and this is where it could get interesting. For instance, one option could be to monitor extension ratings and verify extensions if ratings drop in a short amount of time.


While that means that the extension is not protecting you from new malicious extensions in real-time, it could reduce the time it takes before you are aware that something is not right.
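The blacklist check and the rating-drop idea described above, sketched as an added example (this is not the extension's own code, which is not shown on this page). The input objects mirror the `id`, `name` and `enabled` fields returned by `chrome.management.getAll()`; the extension IDs, rating samples, window and threshold are constructed assumptions.

```javascript
// Added example: audit installed extensions against a blocklist and a
// rating-drop heuristic. All IDs, ratings and thresholds are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Largest rating fall between any two samples taken at most windowDays apart.
function maxRatingDrop(samples, windowDays) {
  const sorted = [...samples].sort((a, b) => a.t - b.t);
  let worst = 0;
  for (let i = 0; i < sorted.length; i++) {
    for (let j = i + 1; j < sorted.length; j++) {
      if (sorted[j].t - sorted[i].t > windowDays * DAY_MS) break;
      worst = Math.max(worst, sorted[i].rating - sorted[j].rating);
    }
  }
  return worst;
}

function auditExtensions(installed, blocklist, ratingHistory, opts = {}) {
  const { windowDays = 14, dropThreshold = 1.0 } = opts;
  const findings = [];
  for (const ext of installed) {
    if (blocklist.has(ext.id)) {
      findings.push({ id: ext.id, name: ext.name, reason: "blocklisted", enabled: ext.enabled });
      continue; // a blocklist hit is conclusive, no heuristic needed
    }
    const drop = maxRatingDrop(ratingHistory[ext.id] || [], windowDays);
    if (drop >= dropThreshold) {
      // Not proof of malice: a prompt for the user to review the extension.
      findings.push({ id: ext.id, name: ext.name, reason: "rating-drop", drop, enabled: ext.enabled });
    }
  }
  return findings;
}

// Constructed sample data (IDs follow Chrome's 32-letter a-p format).
const day = (n) => Date.UTC(2014, 0, n);
const installed = [
  { id: "a".repeat(32), name: "Sold Extension", enabled: true },
  { id: "b".repeat(32), name: "Sudden Drop", enabled: true },
  { id: "c".repeat(32), name: "Slow Decline", enabled: false },
  { id: "d".repeat(32), name: "No History", enabled: true },
];
const blocklist = new Set(["a".repeat(32)]);
const ratingHistory = {
  ["b".repeat(32)]: [{ t: day(1), rating: 4.5 }, { t: day(5), rating: 4.25 }, { t: day(10), rating: 3.0 }],
  ["c".repeat(32)]: [{ t: day(1), rating: 4.5 }, { t: day(30), rating: 4.0 }, { t: day(60), rating: 3.5 }],
};
console.log(auditExtensions(installed, blocklist, ratingHistory));
```

The slow decline is deliberately not flagged: only a fall inside the window counts, which matches the "drop in a short amount of time" idea and keeps ordinary rating drift from raising alerts.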

While it may make sense for some to install the extension and keep it installed, it may make sense for others to install it only once or occasionally, at least for the time being.


If the author of the extension could add features to it that would improve its usability, like monitoring store rating changes, comments, extension updates and "known" developers, it could very well become a must-have extension for Chrome users who use many extensions.

For now, it is a nice concept extension that may have its uses for some users.

Update: The extension has been renamed to ExtShield - Stops Malicious Extensions. We have updated the link so that it points to the correct page on the Chrome Web Store now. An update will be released soon according to the author which warns users when they try to install one of over 100 adware, spyware or malware extensions that are currently available in the web store.

Update 2: The latest version of Shield for Chrome -- yes another name change -- can now also monitor website behavior, and blocks the Chrome bug that allows sites to listen in on conversations.


Responses to Chrome Protector notifies you if you are running malicious extensions

  1. ned the impala January 21, 2014 at 2:16 am #

    I'd like to know if there's an equivalent for Firefox. Firefox is my default browser, because it's not [yet, though it IS about to be] FUBAR.

  2. Anon January 21, 2014 at 3:00 am #

    It looks like this extension is from the makers of the DoNotTrackMe extension. The reviews state it was updated with malware. And both extensions link to the same website.

  3. InterestedBystander January 21, 2014 at 5:26 am #

    Well. It's getting to be quite a rodeo out there! Any sign of a movement toward an open-source repository for ethical extension developers? FOSS with something like SourceForge for apps, browser extensions, and plug-ins?

  4. Zinc January 21, 2014 at 11:20 am #

    So is it legit or not?
    No dev listed...only 2 reviews...

    Looks like someone left a wooden horse at the gates.

    • Martin Brinkmann January 21, 2014 at 11:24 am #

      It is not clear yet. It may be legit, but the dev has made some unfortunate choices such as adding permissions for features that are not implemented yet.

  5. joebatch January 21, 2014 at 4:21 pm #

    Martin, this is why I go to your e-mail first before I do anything online. I trust you to keep me up to date and informed to protect and keep my computer working. I'm also grateful to your readers for their comments and updates. This program would be better than sliced bread, I wish I had the brains to think of it, however I will wait for your update on whether to download this or not.

  6. Bobby Phoenix January 21, 2014 at 6:16 pm #

    Link is not working.

  7. Johnny1 January 21, 2014 at 7:07 pm #

    Looks like Chrome Protector has been taken down from the app store.

    • Martin Brinkmann January 21, 2014 at 7:31 pm #

      Seems to have been taken down by the author. He mentioned on Reddit that the extension was renamed, maybe that is the reason?

      • Johnny1 January 21, 2014 at 8:09 pm #

        Maybe Google objected to the use of "Chrome" in the add-on's name.

      • Martin Brinkmann January 21, 2014 at 9:09 pm #

        You are right, Chrome was the problem. It has been renamed and is available again.

  8. Sylvio Haas January 21, 2014 at 10:06 pm #

    Martin, isn't this the same as "Should I Remove It"?
    The new name seems to be ExtShield. Is that right? Tks.

  9. ned the impala January 22, 2014 at 2:46 pm #

    I use noscript when using Chrome. Using Chrome Protector at the same time causes certain pages to refresh infinitely, adding Rs and !s to the url, while the noscript drop-down defaults back endlessly to everything blocked. Elements requiring scripts don't load. I've disabled it.

    • ned the impala January 22, 2014 at 2:54 pm #

      this hosted image shows what i mean

  10. gorhill January 22, 2014 at 4:23 pm #

    I wouldn't trust this until the extension's JavaScript code is completely de-obfuscated. I attempted to de-obfuscate the code, and the resulting code is still impossible to make sense of. Given the circumstances, hiding the code for such an extension is the worst approach a developer can pick.

  11. John Browers January 24, 2014 at 4:38 am #

    I just found another extension that does the same exact things, but is way more professional and less sketchy than the one you posted about here.

  12. Johnny1 January 24, 2014 at 2:00 pm #

    It is ironical that extensiondefender reports the "MultiLogin" extension by the author of ExtShield as malicious...

    • Zinc January 25, 2014 at 3:04 am #

      +1 for using "ironical"...

  13. Tricky February 8, 2014 at 12:15 am #

    KIS 2013/14 is deleting the extension's file: check.min.js
    Identified as: trojan-downloader.js.agent.gwr

    Can someone run virus total and post a link?

  14. Johnny1 February 19, 2014 at 8:15 am #

    Then what should we do if the extension is a virus/malware itself?
