Just as you need to be careful when installing new apps on your smartphone, you also need to be careful when adding new extensions to your browser, especially Google Chrome.

According to Statcounter, Chrome, with a 65% global market share, is by far the most popular browser, making it a prime target for hackers and other cybercriminals. Cyber attacks often exploit zero-day flaws in Google's browser, but there is an easier way to target Chrome users: malicious extensions.

Like malicious apps, malicious extensions can contain malware and other threats; according to a recent blog post by Google, less than 1% of the 250,00 extensions in the Chrome Web Store were found to contain malware were. However, a new research paper makes a different claim.

The research paper (PDF), published by researchers at Stanford University and the CISPA Helmholtz Information Security Center, claims that between July 2020 and February 2023, 280 million people installed Chrome extensions infected with malware.

Here's everything you need to know about malicious Chrome extensions and how to stay safe when adding new extensions to your browser. [As reported by TechSpot, researchers found that 346 million users have installed Security-Noteworthy Extensions (SNE) over a three-year period. While 63 million of these extensions were policy violations and 3 million were vulnerable, 280 million of these installations actually contained malware.

Surprisingly, many of these malicious extensions had been available for download in the Chrome Web Store for quite some time. Those containing malware remained in the store for an average of 380 days, while those containing vulnerable code remained in the store for an average of 1,248 days.

Of these malicious extensions, one called TeleApp was available for download and installation for 8.5 years. The extension itself was updated in 2013, but was eventually removed in 2022 when it was discovered to contain malware.

Normally, for apps in the Google Play store, it is recommended to check user ratings and reviews to see if the app is malicious. However, the researchers found that this is not helpful when it comes to malicious extensions, as many of them have no reviews at all. This could indicate that the user either did not know it was dangerous or did not take the time to evaluate or review it.

In this case, checking ratings and reviews in the Chrome Web Store does not seem to work, so the only way to determine if it is safe to install a browser extension is to look for external reviews. However, since browser extensions seldom receive a complete review, there are a few other things to keep in mind to be safe.

As with malicious apps, researchers have found that malicious extensions often require more permissions than necessary. If you try to install a new extension and it asks for a very large number of permissions, this is a big red flag and could be a good indication that it may be malicious.

Because many malicious extensions contain malware, we recommend using the best anti-virus software for your PC and the best Mac anti-virus software solution for your Apple computer. That way, even if the extension contains malware, the antivirus software will catch the malware before it can do any damage.

Similarly, before installing new software or browser extensions, you should first ask yourself if you really need them. In many cases, built-in software or browser features can do the same thing. If you need to install a browser extension, make sure it is from a trusted source or a well-known software provider.

Since Chrome is the largest browser, hackers will continue to try to slip malicious extensions past Google's defenses. The search giant has a dedicated security team to ensure that all Chrome extensions are not malicious. But if you want to be extra careful, the fewer browser extensions you have installed, the better.