A Chrome extension, Facebook Red, has been found tricking users with offer to customize Facebook layout. With access to all the data on all websites, this extension asks users to participate in certain surveys before they can use the features. Thus, the developer of the extension collects users’ browsing data and makes money through the illegitimate way. Of course, it does not change the Facebook layout.
Thankfully, the Facebook Red extension has been removed from the Chrome Web Store. In past, many such cases have been reported where a Chrome extension was involved in malicious activities including tracking users’ browsing activities.
Google has already implemented various changes to ensure safe and secured extensions, like disabling the third-party sources and silently-installed bundled extensions. Chrome team also claims to analyze every extension hosted on the Chrome Web Store (CWS). Though this is surprising, as the above extension was hosted on the CWS.
Chrome extension APIs are already highly sandboxed, and provide a limited access to the browser and user data. During the installation, users are notified about the features and data access required by the extension. On the other hand, Google allows extension developers to monetize their items by injecting ads into some third-party websites with certain conditions.