Chrome extensions can be wonderful. These can add great functionality to the Chrome browser. Unfortunately, Chrome extensions can also be used by those with ill intent. Recently, we have seen a rash of employees having trouble with their browsers due to installing a Chrome extension. Many of these users didn’t even realize that they installed the extensions. For instance, I received this email just the other day:
FYI
When I posted my blog today, three advertisement links popped up
For some reason my browser has been acting up and will not let me go to google images. Can I please get this fixed? It says “web page blocked” when I try to open a new tab in chrome.
Installed extensions (Ads)
Here is a list of some extensions that employees have installed:
- Ad Offers by GameDaddio
- Ad Offers by GamesChill
- Ad Offers by MapsScout
- Advertising by Entrality
- Advertising Offers by PlayZiz
- ArcadeFiesta Advertising
- ArcadeFrontier Ads
- ArcadeStar Advertising
- Ball Pin Pal Ad
- Battle Terrain Advertising
- BoredPlay Advertising
- BrainyZanyGames ads
You can see a general trend here (and we didn’t even make it out of the B’s).
Why is this a problem?
Ad sites frequently send the user to a different place. As you can see from the emails above, this can lead to frustration. This is also a potential security risk. As the bad actors get more sophisticated, the potential for harm increases.
Approved Extensions – Students
Currently, extensions must be approved prior to students installing them. We publish a list of the approved extensions for students on the Technology Blog.
Checking for Extensions:
You can easily check to see which extensions you have installed.
- Click on the three buttons in the top right-hand corner of the Chrome browser (to the right of your picture/avatar)
- Select “More tools…”
- Select “Extensions” from the pop out
This will open a new page. This page will list all of the extensions that you have installed. The page of extensions will also allow you to remove any extensions that you don’t want (unless the extension is District installed). The example below is an example of 1Password as an extension (note the “Remove” button).
*1Password is a “paid for” extension that I purchased.
District Installed Extensions
The District can “force” install extensions. The only one that we are currently installing is Clever.
District Approved Extensions
In addition to the Student Approved Extensions, we are currently comfortable with the following:
- Google Cast for Education – allows teachers to have students screen share to a projector (via desktop)
- WAVE – review ADA compliance of a website
- Hypothes.is – annotation for the web
We will be reviewing Extensions over the next few months.
Apps vs Extensions
Just to confuse things more, individuals can also install Chrome Apps. Although these will appear similar, extensions enhance the Chrome browser. Apps run within the browser. For your purposes, you can consider them the same.
Changes this Summer
Starting this summer, all extensions will need to be whitelisted in order to be installed. This will include staff as well as students. Starting this summer, any Chrome extension (or App) not approved will be removed. Currently, we are reviewing the extensions and Apps installed by all users.
Action for YOU to Take
- Review the extensions that you have installed.
- Remove extensions that you don’t need or want.