Typically I don't spend my time documenting what I would think is common sense, but I found an issue close to my heart worth diving into. I wrote a Google Chrome extension the other day and was so amazed at how easy Google had made it. I mean it was literally copying web code into the right file and hitting publish. Now while I marvel at the fact that I can write Chrome extensions with ease, I also get uneasy as anyone (even with the most basic of HTML knowledge) can write an extension for anything.
This is where I get scared. You can write an extension for anything. Well not so bad because Google has some approval process you need to go through. Oh wait, it doesn't. When you hit publish the extension goes out to the world and into your browsers. Alright, so you can write extensions with little to no experience, and skip an approval process, big deal. No, huge deal. I did some searching and found a few banking extensions that almost knocked me off my chair. Not only did they get installs and reviews, but they were also written by coolGuyz72@gmail.com.
Coolguy whatever could literally be shipping your credentials off to anywhere he wants as you log in to your banking extension. You can't see the source and with Google's model, you can have cross-domain calls (literally just set a permission), so what is stopping someone from harvesting? I guess there is the report abuse link on Google, but how would anyone know? How often does Google check these extensions? Rather than wait and watch others upload whatever banking extension they wanted, I decided to jump in and create my own.
I give you the Wachovia Personal Finance Services Google Chrome Extension. Attached are some screenshots for those who don't want to go check the extension out. Now before anyone freaks out I want to point out that the extension is NOT malicious in any way. In fact it should help educate the not so wise. How? Well, when a user clicks login, they get a nice informative message explaining why not to use extensions from third parties and to be smart. I can only hope the extension is not removed by Google. I am sure some will find it annoying, others may actually get mad, but someone needs to point out the issues with these extensions because right now it is a free-for-all.
| Attachment | Size |
|---|---|
| screenshot_1.png | 9.46 KB |
| screenshot_2.png | 65.97 KB |
| screenshot_3.png | 18.64 KB |
| wachovia-extension.png | 215.65 KB |
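
The "literally just set a permission" point above can be checked from the defender's side, because an extension's `manifest.json` declares every host it may contact. The following is an added example, not code from this post or its extension: it audits a manifest against the domains the extension claims to serve. The sample manifest and the `examplebank.test` and `collector.example.net` names are constructed.

```javascript
// Added example: list the host access a Chrome extension manifest requests
// and flag anything outside the domains the extension claims to serve.
// Match-pattern shape: <scheme>://<host>/<path>, or the literal "<all_urls>".
const PATTERN = /^(\*|https?|wss?|ftp|file):\/\/(\*|(?:\*\.)?[^\/*]+)?(\/.*)$/;

function hostPatterns(manifest) {
  // MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_permissions || []),
  ];
  const scripts = (manifest.content_scripts || []).flatMap(cs => cs.matches || []);
  // API names such as "tabs" are not match patterns and are dropped here.
  return [...new Set([...declared, ...scripts])]
    .filter(p => typeof p === "string" && (p === "<all_urls>" || PATTERN.test(p)));
}

function hostAllowed(host, expectedDomains) {
  const bare = host.replace(/^\*\./, "").toLowerCase();
  // Require an exact match or a dot-delimited subdomain, so that
  // "evilexamplebank.test" does not pass as "examplebank.test".
  return expectedDomains.some(d => bare === d || bare.endsWith("." + d));
}

function auditManifest(manifest, expectedDomains) {
  const findings = [];
  for (const pattern of hostPatterns(manifest)) {
    const [, scheme, host] =
      pattern === "<all_urls>" ? [null, "*", "*"] : pattern.match(PATTERN);
    let issue = null;
    if (host === "*") issue = "all-hosts";
    else if (scheme === "file") issue = "local-files";
    else if (!host || !hostAllowed(host, expectedDomains)) issue = "unexpected-host";
    else if (scheme === "http" || scheme === "*") issue = "cleartext";
    if (issue) findings.push({ pattern, issue });
  }
  return findings;
}

// Constructed sample manifest for a hypothetical third-party "bank login" extension.
const SAMPLE_MANIFEST = {
  name: "Example Bank Login (constructed)",
  permissions: ["tabs", "https://*.examplebank.test/*",
                "http://collector.example.net/*", "http://*/*"],
  content_scripts: [{ matches: ["https://login.examplebank.test/*"], js: ["login.js"] }],
};

console.log(auditManifest(SAMPLE_MANIFEST, ["examplebank.test"]));
```

A clean result only means the declared host access matches the claimed domain; it says nothing about what the extension's scripts do with credentials on that domain.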