Chrome vs. Firefox Extension Security
November 5, 2012 2:12 PM   Subscribe

Please help me understand the difference (or non-difference) in safety for Firefox vs. Chrome browser extensions (plugins/add-ons).

I'm about ready to move to Chrome for various reasons, but when I go to install (on Chrome) Chrome's versions of some of the extensions I was using on Firefox, some of the extensions give me a warning message about various types of personal data the extension would expose to the extension developer. A friend suggested that Firefox extensions do the same thing, but that Firefox isn't as good at warning you about it.

I've read some explanations of the Chrome warnings already--this Google forum thread includes a good explanation of the Chrome side of things--but I'm really wondering about how Chrome's security in terms of extension data sharing differs from Firefox (or any other browser). I'd feel better sharing data with trusted plugin developers if I know that this data sharing is necessarily occurring in every browser and isn't just a flaw of the Chrome set-up.

Thank you!
posted by pavane to Computers & Internet (3 answers total)
Best answer: Your friend is correct. All Firefox extensions have full access to all pages that you access. Chrome has more granular settings and notification for what extensions may access, e.g., they may choose to limit themselves to certain domains.

This is (mostly) not a huge issue because most extensions for both Firefox and Chrome are written in Javascript, so their code can audited relatively easily. Bad extensions (mainly those that insert ads into pages) do sometimes creep in, however.
posted by zsazsa at 2:28 PM on November 5, 2012 [1 favorite]

Best answer: Here's an example from last year of a Firefox extension that silently logged all sites visited and sent them to the extension maker, in order to provide ranking data for their search engine. Apparently after this behavior was discovered, they included the ability to disable it.

So there is no difference between the two if you tell a Chrome extension that it can access all data on all pages. And in order for many, if not most useful extensions to work, they do need that level of access. The only "flaw" in the Chrome set-up is that they actually tell you the potential data access level an extension is asking for.
posted by zsazsa at 2:39 PM on November 5, 2012 [1 favorite]

Response by poster: Great, that is exactly what I wanted to know. Thank you both for your answers! Chrome ahoy!
posted by pavane at 2:49 PM on November 5, 2012

« Older I know not EVERYONE is a me...   |   What to do after falling out with friend? Newer »
This thread is closed to new comments.