This tool allows you to check the code powering Chrome extensions
Browser extensions, like any other piece of software, can be abused or manipulated by hackers for malicious purposes. Duo Security wants to make it harder for that to happen.
The company on Thursday released a beta version of a tool, CRXcavator, that screens extensions for Google Chrome, the world’s most popular web browser, for malicious code. “As our portal to the internet, browsers represent what is likely the largest common attack surface across consumers and businesses alike,” the Cisco-owned company said in a blog post.
Extensions are handy for navigating the web, and some even offer important security features, but they can also allow third parties access a lot of user data. The new tool takes a stab at that security challenge by letting a user enter a Chrome extension and then returning a risk score for the application based on the permissions it grants on a computer.