Google this week offered reassurance that its review of Chrome extensions catches the most malicious code, though it acknowledged that "as with all software, extensions can also pose risks."

Coincidentally, a trio of researchers affiliated with Stanford University in the US and the CISPA Helmholtz Center for Information Security in Germany have just published an article on new Chrome Web Store data that suggests the risk of browser extensions is far greater than Google admits.

The paper, "What's in the Chrome Web Store? Examining Security Notable Browser Extensions," is scheduled to be presented at the ACM Asia Conference on Computer and Communications Security (ASIA CCS '24) in July.

On Thursday, at Google, Benjamin Ackerman, Anunoy Ghosh and David Warren of the Chrome Security Team claimed: "By 2024, less than one percent of all installations from the Chrome Web Store were found to contain malware. We are proud of this record, and yet some bad add-ons still through, which is why we also monitor published add-ons."