Recommended Chrome and Chromium security extensions -

Recommended Chrome and Chromium security extensions

Douglas Crawford

Douglas Crawford

March 12, 2014

Now it has to said that because of its 100 percent open source nature, its wealth of excellent security related extensions, and the fact that it lets you tinker under the hood, we favor Mozilla’s Firefox browser over Google Chrome (or any other browser).

However, thanks to its stripped down and intuitive interface, and its blazing fast speeds, many users are in love with Google’s browser (it is fact the world’s most popular web browser), and have no intention of giving it up, but still want to surf the web as securely as possible. One of the biggest problems here is that Chrome is not fully open source (most of it is, but proprietary elements such as the PDF viewer and build-in Flash player could contain anything, and Google is not known for they care it takes over users’ privacy).

Fortunately, as we explain here, there is an open source version of Chrome known as Chromium, which is used as the developing and testing ground for features added to the final builds of Chrome (and recent versions of Opera). We found that the Firefox version of Chromium remains somewhat basic, but the Windows desktop version is almost indistinguishable from Chrome.

So now that we have addressed the open source issue, we get on to extensions. Unfortunately Chrome (and Chromium, for which extensions are interchangeable) users, there are much fewer of these than there are for Firefox. The good news however, is that many of the best have been ported over from Firefox, and that Chrome has a few crackers of its own…

Adblock Plus –  Ad Block Plus blocks unwanted ads from  appearing in your browser window, including Facebook ads and those embedded within YouTube videos (here in the UK it even blocks 4oD ads!). In addition to this, it warns you when visiting known malware hosting websites, and disables third party tracking cookies and scripts.

Unfortunately, Adblock Plus has recently allowed some ‘acceptable’ advertising through its nets by default, although this can be fairly easily turned off by going to Adblock Plus’ Options -> Filter Lists tab and unchecking ‘Allow some non-intrusive advertising’. While there, you can also improve Adblock Plus’ capabilities by subscribing to third-party block lists, which are updated on a regular basis. We suggest those by EasyList (both the EasyList and Easy Privacy lists) and Fanboy (Adblock List, Tracking List and Annoyance Block List).

 Adblock Plus

Click & Clean – this excellent bowser cleaner will nuke every cookie, typed URL, cache item, LS0, and your Download and Browsing History at a click, effectively erasing all record of your browsing history. It has loads of funky options, and is easily configurable.


Credit Card Nanny – believe it or not, far too many websites are happy to store or send your credit card details as cleartext (often simply emailing your number, expiry date etc. to the website administrator!). This extension checks that a proper and valid SSL certificate is in place, and that information is sent encrypted.

credit card nanay

Disconnect – Our favorite anti-tracking and anti-cookie extension thanks to its up-to-date database of tracking cookies, page load optimization, secure WiFi encryption and analytics tools, Disconnect blocks third party tracking cookies and gives you control of over all a website’s elements. It also prevents social networks such as Google, Facebook and Twitter from following you so they can collect data as you surf elsewhere on the internet.


Ghostery – this anti-tracking and anti-cookie extension was a favourite of ours until the Disconnect extension came along, and is still a cracking extension.  It shows you the various elements of web page that are tracking you, and provides lots of information to help you decide what you want to block and what you don’t. Like Disconnect, it also has the benefit of being much easier to use than ScriptSafe (see below), and can be set to work in the background.


HTTPS Everywhere – HTTPS Everywhere was developed by the Electronic Frontier Foundation, and tries to ensure that you always connect to a website using a secure HTTPS connection, if one is available. This is fantastic, but just but aware that we have reservations about how SSL is commonly implanted, and it has almost certainly been cracked by the NSA. The Chrome version is in beta stage, and does not have the range of options that are available to Firefox users, but remains an essential tool. There is alternatively another similar tool available called KB SSL Enforcer, which did suffer some issues, but  which may be fixed by now, so we would be interested in hearing about users experiences with it.

https everywhere

Safer Chrome – much like Credit Card Nanny, this extension warns you when passwords are about to be sent in cleartext, rather than being sent encrypted as they should be. This is particularly important if you use the same password for various websites (as many of us do, even though we shouldn’t). Password Fail is another extension that does pretty much the same thing.

 safer chrome


ScriptSafe – probably the closest Chrome has to Firefox’s fantastic No Script (although it is not as powerful), ScriptSafe stops JavaScript iframes, plugins and other unwanted content from running in your browser. You have a great deal of control over what is allowed to run, and can easily whitelist trusted websites, but you should be aware that many websites rely on these elements to run properly, and using ScriptSafe will break them. A fairly powerful tool, using ScriptSafe requires technical know-how and continual management, so is best left to the very security conscious.

There is also another similar extension called NotScripts, but it is complicated to set up, and we could not get it to run in Windows 8.1.


Vanilla Cookie Manager – is, as the name suggests, a simple but effective cookie manager, blocking cookies by default, but allowing you to whitelist the ones you want. Because many websites simply won’t work if you block cookies, unwanted cookies are deleted whenever you close your browser or after 30 minutes (your choice).


As we have noted (hopefully not too much!), we are usually Firefox users, so we welcome suggestions, tips, and user experiences from our readers on this subject.