Extension Policy is a relatively new Chrome extension that vets all installed browser extensions and gives you actionable advice for each.

Chrome extensions are limited in what they can do and Chrome's extension system limits the scope to the browser. Extensions can request additional permissions -- beyond the default scope -- which are required for some functionality.

The developer of Extension Policy created other extensions prior to it and noticed that Chrome extensions could be abused for all kinds of unwanted behavior. They could be used to take screenshots of any open tab, save and place cookies, inject JavaScript, like stuff on Facebook, or visit sites in the background.

Extensions need extra permissions for that, for instance the dreaded "read and change data on all websites you visit" permission, which is a blank check.

Extension Policy for Chrome

Extension Police requests only one permission, and that is to control installed extensions and themes. It adds an icon to Chrome's toolbar that lists all installed extensions sorted into two groups: active and not active.

Active extensions are enabled in Chrome whereas not active extensions are disabled.

When you click on the icon, Extension Police lists extension icons and names, a security rating, and a toggle to enable or disable individual extensions. A global toggle disables all of them at once.

Users who have installed lots of extensions can use the built-in search to find specific extensions quickly.

Ratings range from safe to high potential risk and danger. A click on any extension reveals detailed information about the extension, its permissions, and the security rating.

Extension Policy offers the following information for each installed extension:

  • Lists all granted permissions.
  • Interprets the granted permissions to provide a description for non-developers.
  • Lists the developer name, email address, and privacy link.
  • Lists users, rating and description.
  • Links to the extension page, report option, and delete.

Not all extensions that the extension highlights as dangerous or a potential risk are malicious in nature or abused for marketing purposes.

Extension Policy gives uBlock Origin a high potential risk rating for instance. While that is certainly justified when you look at the requested permissions, it is not if you know the extension or the developer.

The tip to only use the extension if you trust the developer may help users form a decision.
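A permission-based rating of the kind described above, as an added example that is not Extension Policy's own code: the three tiers and the permission descriptions are assumptions, and the input objects are constructed sample data in the shape of `chrome.management`'s `ExtensionInfo`.

```javascript
// Added example: rate extensions from their granted permissions alone.
// Tiers and descriptions are assumptions, not Extension Policy's rules.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// API permissions mapped to a plain-language description for non-developers.
const RISKY_API = new Map([
  ["cookies", "read and set cookies for sites it can access"],
  ["webRequest", "observe network requests"],
  ["debugger", "attach the debugger to tabs"],
  ["history", "read browsing history"],
  ["tabs", "see URLs and titles of open tabs"],
  ["scripting", "inject JavaScript into pages"],
  ["management", "enable, disable or remove other extensions"],
]);

// ext: { name, enabled, permissions: [...], hostPermissions: [...] }
function rateExtension(ext) {
  const hosts = ext.hostPermissions || [];
  const apis = ext.permissions || [];
  const findings = [];
  const allSites = hosts.some((h) => ALL_SITES.has(h));
  if (allSites) findings.push("read and change data on all websites you visit");
  for (const p of apis) {
    if (RISKY_API.has(p)) findings.push(RISKY_API.get(p));
  }
  // Any host access or sensitive API raises the tier; all-site access tops it.
  let rating = "safe";
  if (hosts.length > 0 || findings.length > 0) rating = "potential risk";
  if (allSites) rating = "high potential risk";
  return { name: ext.name, enabled: ext.enabled, rating, findings };
}

function audit(list) {
  return list.map(rateExtension);
}

// Constructed sample data. Inside an extension that holds the "management"
// permission, the same objects come from chrome.management.getAll().
const SAMPLE = [
  { name: "Content blocker", enabled: true,
    permissions: ["webRequest", "storage", "tabs"], hostPermissions: ["<all_urls>"] },
  { name: "Bank helper", enabled: true,
    permissions: ["storage"], hostPermissions: ["https://bank.example/*"] },
  { name: "Theme switcher", enabled: false,
    permissions: ["storage"], hostPermissions: [] },
];

for (const r of audit(SAMPLE)) console.log(`${r.name}: ${r.rating}`, r.findings);
```

The constructed content blocker lands in the top tier purely because of its all-site host access, which is why a rating like this can only prioritize manual vetting and says nothing about the developer's intent.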

Extension Policy audits extensions installed in Google Chrome. While that is its main purpose, it supports extension management options as well. I mentioned the ability to change the state of extensions already, but there is also the "secure your critical websites" feature.

You need to give Extension Policy permission to access browser tabs to use the feature. Basically, what it does is auto-disable extensions on websites you select. The main idea behind the feature is to prevent extensions from interacting with certain sites open in the browser.

You could use it to block extension access to online banking, shopping, or social sites to avoid the leaking of data or misuse.

It is possible to achieve the same by accessing critical sites in incognito mode, as extensions are disabled in that mode by default in Chrome. You may use a browser extension to always open specific websites in Incognito Mode.

Closing Words

How useful is an extension like Extension Policy? It depends largely on your extension use. The extension is probably not that interesting if you are an advanced user as you probably vet extensions before you install them.

Chrome users who do not may use it to get an overview of installed extensions and may use the security ratings that Extension Policy gives to prioritize the manual vetting process.

It is not a good idea to trust the ratings blindly which means that you need to look at each extension individually anyway.