Skip to main content

Apple @ Work: Keeping macOS free from malware means keeping Chrome free from rogue extensions

Apple @ Work is brought to you by Kolide, endpoint security for teams that Slack. Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. Meet your compliance goals using the most powerful, untapped resource in IT: end-users. Try Kolide for free today.

I recently discussed Apple’s Endpoint Security API and praised it as a well-designed security implementation that allowed IT to have a stable fleet of devices while end-users have a great experience. This week, I wanted to highlight one of the most significant sources of “malware” on macOS and how to resolve it. Let’s talk about the growing problem of Chrome malware from extensions that create user confusion, cause security risks, and more.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


Safari does provide a great browsing experience that’s tighly integrated with macOS apps, works great with Apple Pay, and is generally up there with the fastest browsers on the market. Apple has done an excellent job of enticing developers to build extensions for Safari as well. Chrome is still a favorite for many users thanks to its deeper compatability with Google Workspace and the large ecosystem of extensions.

Chrome Malware

The problem with the large ecosystem of Chrome malware from extensions is that they can often do things the user didn’t expect. A good example is if an extension claims to be a PDF editor but then forces a user into a search engine or homepage they weren’t expecting. It’s obvious what’s happening here: a free extension makes money by skimming ad clicks/views on search engine usage. It’s usually buried in the terms that this will also happen. Here’s a typical example of things that can occur with rogue extensions:

  • Ads and new tabs that won’t go away
  • Chrome homepage or search engine keeps changing without your permission
  • Unwanted toolbars keep coming back even when you remove them
  • Your browsing is hijacked and redirects to unfamiliar pages or ads
  • Pop-up alerts about a virus or an infected device

In all my years in IT, I’ve dealt with more problems with Chrome malware from extensions than I ever did with actual macOS malware. It’s effortless to install extensions through pop-up ads, so it just ends up happening. Some of these extensions are straight-up malware, while others hide what’s happening. One of the worst examples I’ve seen is the “SearchMine” malware that pretends to be part of the Chrome Management experience for Google Workspace accounts.

How to best manage Chrome at work

Chrome Management is an extension of your device management. You may decide not to install Chrome on your devices and not allow it, which would be a perfectly reasonable approach. If you want users to stick with Safari on macOS as their primary browser, they’ll likely be fine, especially if you are using Microsoft 365; Safari probably should be your browser of choice for work usage. If you’re using Google Workspace, I understand that users might prefer Chrome for working with Google Docs, Google Spreadsheets, Google Slides, etc.

This is where you’ll want to ensure all Chrome instances are managed. Many Apple device management providers are now offering Chrome management as part of a total solution. Google supports setting chrome://policy via MDM, and it’s generally going to be best practice. If you’re going to allow Chrome, either have a list of allowed extensions that can be installed that is set via a policy of ban extensions completely.

If you can get Chrome configured where you don’t have rogue extensions floating around, you’ll end up in a much healthier spot. Dealing with Chrome malware starts with having the proper Chrome management.

Apple @ Work is brought to you by Kolide, endpoint security for teams that Slack. Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. Meet your compliance goals using the most powerful, untapped resource in IT: end-users. Try Kolide for free today.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications