Is that extension safe? This free tool lets you know before you install

I check out a number of extensions in Firefox, Chrome, and Edge, each personally and professionally. However after I’m confronted with an unfamiliar extension, how do I do know it is secure and safe? A brand new web site goals to warn you about suspicious and malicious extensions earlier than you even attempt to set up them.

Additionally: 5 browser extension rules to live by to keep your system safe in 2025

Launched by browser safety supplier LayerX, the free ExtensionPedia seeks to assist people and enterprises alike by figuring out dangerous browser extensions. This on-line database evaluates the safety of greater than 200,000 extensions throughout Chrome, Firefox, and Edge.

Sure, browser makers do attempt to vet extensions earlier than they pop up in every respective retailer, together with the Chrome Web Store, Firefox Add-ons and Edge Add-ons. However typically a malicious extension can sneak previous safety, particularly one which mimics a official program.

Additionally: I found a malicious Chrome extension on my system – here’s how and what I did next

Consumer rankings and evaluations may assist decide whether or not an extension is legitimate and dependable. However even these might not reveal the dangers and vulnerabilities a specific extension would possibly carry.

An additional layer of data

ExtensionPedia offers an additional layer of data by mentioning which extensions are secure, dangerous, or malicious. The location charges every extension with a threat rating and a threat stage. Basically, the decrease the rankings, the safer the extension. You may browse listings for a lot of widespread extensions or seek for a selected one by identify.

As examples, ChatGPT Search earns a threat rating of 1 out of 10, LastPass 2.1 out of 10, and Grammarly 1.2 out of 10. Nevertheless, the chance rating tells solely a part of the story. LastPass is cited for the permissions it requires and the vulnerabilities that might be exploited, two of that are rated important. Grammarly additionally requests sure permissions and has two important vulnerabilities.

Additionally: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more

Different extensions obtain a lot larger threat scores. Stealthy, a Chrome extension with 100,000 customers and 1,600 rankings, earns a threat rating of seven.4, whereas Edge extension Bulk Image Downloader, with greater than 100,000 customers however no evaluations, takes a threat rating of 8. Additional particulars spherical out the image.

Stealthy will get one ding for permissions. Right here, ExtensionPedia explains that this extension’s proxy permission might have an effect on how your web visitors is routed, opening the door for man-in-the-middle (MITM) assaults. Bulk Picture Downloader receives 5 dings for permissions, with one important vulnerability, one excessive, two medium, and one low.

The underside line

You may wish to have a look at all the data offered for every extension, together with the chance rating, the status threat, and the permission scope.

The evaluation is predicated on nameless information taken from hundreds of thousands of browser periods utilizing the LayerX platform. The web page for every extension additionally consists of its retailer, class, final replace, retailer hyperlink, developer, model, retailer score, and variety of rankings.

Additionally: The best secure browsers for privacy in 2025: Expert tested

“Whereas browser extensions are sometimes thought-about innocent, in apply they’re steadily granted in depth entry permissions to customers’ id info and information, main hackers to make use of them as an assault channel for credential theft, account takeover, and information theft,” LayerX co-founder and CEO Or Eshed mentioned in a press launch. “When somebody installs a browser extension – both for private or work — customers and their organizations don’t know what permissions every extension has, how respected the extension writer is, and the chance profile of the extension.”

Get the morning’s high tales in your inbox every day with our Tech Today newsletter.