Google Chrome is already an extremely secure Web browser. Armed with its exploit-thwarting sandbox, Chrome remained untested at Pwn2Own this year, while other browsers were hacked within minutes.
Still, it never hurts to bolster your defenses, and there are plenty of good options for doing just that over in the official Google Chrome Extensions Gallery. Let’s take a look at nine which are well worth installing — see you after the break, Chrome fans
View Thru – The millions of short URLs floating around on Twitter, Facebook, and the rest of the Internet might be a convenience for some, but they can also be a big threat to your safety. Just like the Rickrolls of yesteryear, there are those who “poison” shortened URLs, hiding their malicious destinations behind a jumble of letters and numbers.
With View Thru installed, you’ll see a tooltip appear whenever you hover over a link, which includes the title of the destination page and its unshortened URL.
WebOfTrust (WOT) – I’ve recommended WOT for quite some time. Its community-powered ratings help surfers avoid Internet dangers through easy-to-understand color coding. Not sure if you should click that link in your Google or Bing search results? Green = go. Red = stop. Yellow = proceed with caution.
WOT even has you covered if you haplessly stumble onto a malicious site; instead of loading the page, you’ll be shown a big, blacked-out warning instead (see the header image), letting you know that other WOT users have given it a big, collective thumbs down.
McAfee Site Advisor – If you don’t recognize the WOT name and aren’t sure about its ratings, you may well want to check out McAfee’s Site Advisor extension. They’ve been in the computer security business for a long time and know a thing or two about what’s safe and what isn’t.
Unlike WOT, Site Advisor doesn’t display ratings next to all the links on a page and it will only prevent access to untrusted sites — and then only when you tell it to via the extension’s options. By default, it just displays a color-coded alert icon, so I strongly recommend making the change.
LastPass – One of the most common ways that people put themselves at risk online is poor password habits. They use the same password everywhere, and they tend to choose words which are easily hackable. LastPass helps out by making it easy to create and use different strong passwords on all of the Web sites you log in to.
All you have to remember is one well-chosen master password. From there, use the built-in strong password creator and let LastPass encrypt and store your passwords on their remote servers. Don’t worry, not even LastPass staffers can decrypt your password file. They’re safe in the cloud — and probably a lot safer than if you’ve been using Chrome’s built-in password saving feature.
PasswordFail – If it’s not a weak password getting users into trouble, there’s always the possibility of bad Web programming putting people at risk. PasswordFail will notify you whenever you happen upon a site that is known to store passwords in plain text. Why is that bad? Because if anyone every gets their mitts on the database, they’ve got instant access to everyone’s logins (instead of a bunch of usernames and password hashes).
This one is as much about getting Web sites to institute better password storage and handling procedures as it is about letting you know where to tread lightly.
KB SSL Enforcer – Plenty of popular Web sites offer more secure SSL encrypted versions of their login pages, but they don’t send users there by default. If you’d prefer to see the lock icon and https:// at the start of your Omnibar, before typing your details into Facebook, Twitter, or Google (and a bunch of other sites), check out this extension.
It works via redirection, so you’ll see the plain old http:// version of a page briefly before KB SSL Enforcer loads the secure version of the page. This is a must-have extension to bolt on to your portable Google Chrome install.
Credit Card Nanny – No one wants to have a pile of unwanted credit card charges turn up on their statement. Nanny aims to prevent that from happening by alerting you to fraudulent or risky Web checkout forms that simply zap your CC details to someone’s email inbox in plain text. It’s hard to believe some Web stores still think it’s ok to operate like this in 2010, but it’s true.
TrustGuard – One other extension to keep an eye on is TrustGuard, which taps into the customer ratings at TrustPilot.com. Think of it as WOT for Web stores. Customers submit ratings for shops, which TrustPilot then tabulates into an overall score from 0 to 10. Stores with an 8 or better get a green check.
Trust Guard takes those ratings and pops them into your Chrome Omnibar, giving you a quick heads-up about a store’s customer satisfaction. At least, it’s supposed to — I couldn’t get ratings to appear on any of the sites I tested. TrustGuard is fairly new, though, so it’s worth checking into later, especially if you do a lot of shopping online.
Update: TrustGuard’s developer has already fixed the issue!
FlashBlock – I know Chrome’s sandbox makes it particularly tricky to exploit, but that doesn’t mean I’m going to leave one of the Web’s most used attack methods to run unquestioned. Adobe Flash is used commonly by malware thugs to perpetrate drive-by attacks on unsuspecting Web users.
By letting FlashBlock stop Flash elements in their tracks, I then have the choice to load them only on sites I trust.
Got another safety-minded extension for Google Chrome that you recommend to users? Share with us in the comments!