Chrome Extensions

Owned by Sam Kardasz
Last updated: Mar 27, 2024 by Jensen Mei

The following Chrome extensions have been reviewed by our security office.

If you have questions about a Chrome extension not listed here, please submit a request to the SOM Help Desk for review.

Please include the name and the Chrome Web Store link to the extension.

Approved Chrome Extensions

Extension

Purpose

Link

Extension

Purpose

Link

Dashlane

Password management

https://chrome.google.com/webstore/detail/dashlane-%E2%80%94-password-manag/fdjamakpfbbddfjaooikfcpapjohcfmg

Five9 Softphone

Call Center Softphone

https://chrome.google.com/webstore/detail/five9-softphone-extension/ngfbofmmhadhjnlodckfafckdhmlcpeh

LastPass

Password management

https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd

Meeting Scheduler by cloudHQ

Easy meeting scheduling and meeting invitations directly from Gmail

Staffbase Email

Email Marketing

Zoom

Schedule Zoom meetings directly from Google Calendar

Grackle Docs

(Currently only enabled for Marketing team)

One Click Accessibility for Google Docs

LibKey Nomad

One-click access to millions of scholarly articles

Flashissue

Email Marketing

 

Prohibited Chrome Extensions

Extension

Reason

Extension

Reason

Google Docs Offline

  • Collects personally identifiable information (name, address, email address, age, ID number)

  • Collects authentication information (passwords, security questions, PINs)

  • Collects user activity (keystroke logging, network monitoring, mouse position)

Boomerang for Gmail

  • Requires read-write permissions to all of your emails

  • Collects personally identifiable information and email contents

  • Discloses this data to subsidiaries and contractors

  • Tracks your activity across websites

Power Tools

  • Follows the laws of the Republic of Poland, without regard for any conflict of laws.

  • The user expressly agrees that any such offer of a product or service does not constitute a legal offer capable of attracting legal consequences.

  • Collect personally identifiable information (company, name, address, email address, job title)

  • Collect user activity (IP address, browser logging, cookies, network monitoring)

  • Discloses user data to subsidiaries and contractors.

  • Use third parties to perform services for Ablebits.

  • Makes user content available to other users of the Website

Canned Responses for Jira

  • Canned Responses for Jira has no official privacy policy.

  • The developer claims that user data is not being sold to 3rd parties outside of “approved cases”.

  • The URL link provided for “approved cases” goes to a Google site for chrome developers.

  • The vendor does not define their “approved cases”, thus leaving user data exposed to 3rd parties.

Tactiq

  • No control of what Tactiq will do with the content

  • There is no assurance of privacy or security of the content it processes.

  • There is no assurance that meetings will not have HIPAA information discussed.

Video Speed Controller

  • Privacy policy does not exist, instead the privacy policy URL link goes to a GitHub code repository.

  • There is no assurance that user privacy is protected. Users have reported issues under different environments.

  • There is no user support.

Zotero Connector

  • The Zotero Connector can read and change all user data on websites visited.

  • The Zotero Google Docs plugin can see, edit, create, and delete user Google Docs documents.

  • Zotero updates their privacy policies over time.

  • There is no user notification of changes to their privacy policies, instead up-to-date information and details of new features are located on their privacy page.

  • Zotero’s privacy policy may change at any time and potentially put users at risk, without their knowledge.

https://tinyurl.com/somhelp | help@medicine.unlv.edu | 702-895-0451