Google's Chrome extension store is said to be dominated by just a handful of popular applications, with the majority of its application selection having fewer than 1,000 installs, according to a new study.
Figures released from Extension Monitor show that although Chrome now boasts over 1 billion extension installs, only 13 apps have over 10 million installs each.
Of the 188,000 extensions that make up the store, it's believed as much as 87% of these have fewer than 1,000 installs, including 24% that have either one or zero installs. The figures also show that around half of all extensions have been installed less than 16 times.
Security was a common theme identified when looking at the most downloaded extensions - adblockers, antivirus applications, password managers and VPNs dominated the list of most popular extensions. Other prominent categories included communications and shopping.
Well-known apps such as Grammarly, Adblock, Honey, Avast Online Security, Skype and Google Translate dominated the top spots. LastPass and Google Hangouts were among the apps just shy of the 10 million mark.
The 10 million club:
- Cisco Webex Extension
- Google Translate
- Avast Online Security
- Adobe Acrobat
- Grammarly for Chrome
- Adblock Plus - free ad blocker
- Pinterest Save Button
- Avast SafePrice
- uBlock Origin
Even though a large proportion of extensions have a comparably low install-base, it's the extensions in this bracket that are often the most malicious, which collectively can still target a large number of users. Last month we reported that some Google Chrome extensions harvest user data as part of a "murky data economy" and then sell that data onto Fortune 500 companies.
The scheme was thought to have affected up to 4 million users across the various extensions, most of which had thousands of installs each, although some exceeded one million. The sensitive data was then accessible by anyone who was willing to pay a fee as small as $49.
In response, Google pointed users to its policy changes made in June 2019 and how it plans to make the Chrome Web Store more secure, a policy that's since been slammed by the Electronic Frontier Foundation (EFF).
The organisation said that the changes would do nothing to secure the Web Store as they don't address the APIs used by extensions to aggregate and sell data. Instead, the EFF claims Google should simply enforce existing policy properly.
"Ultimately, users need to have the autonomy to install the extensions of their choice to shape their browsing experience, and the ability to make informed decisions about the risks of using a particular extension," said the EFF. "Better review of extensions in Chrome Web Store would promote informed choice far better than limiting the capabilities of powerful, legitimate extensions."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.
An open source challenger to GitHub Copilot? StarCoder2, a code generation tool backed by Nvidia, Hugging Face, and ServiceNow, is free to use and offers support for over 600 programming languages
Lenovo's new sustainability program looks to extend device lifecycles