Chances are, you have Google Chrome installed on one of your devices. You might even be reading this article in the Google-built web browser right now. Chrome is the most popular browser on the planet, with an estimated 3.45 billion users worldwide. That makes it a very popular target for hackers.
To protect yourself from the criminals lurking in the shadows trying to steal your passwords and other personal data — you only need to ask yourself one question, security expert Danny Jenkins told GB News.
A former hacker himself, Danny Jenkins co-founded security firm Threatlocker back in 2017 to evangelise his deceptively simple approach to cybersecurity: zero trust.
GB News was on the ground in Orlando, Florida at the ThreatLocker Zero Trust World 2025 conference, where the latest techniques being used by hackers and cyber-criminals were exposed
GBN
The British chief executive, who now lives in Florida — the state where his company holds its annual Zero Trust World conference to bring together thousands of professionals tasked with keeping businesses safe from hackers to learn about the latest techniques, wants people to always consider the worst-case scenario.
Zero Trust is a security model based on never trusting any software or website by default. Instead of installing an antivirus, forgetting about it, then forging ahead to click any link that catches your eye or download applications from unknown developers willy-nilly — start from the assumption that you do not need to take the risk and see if the benefits of the software or website you're considering can convince you otherwise.
If the millions of people who rely on Google Chrome every day took on this approach, we'd all be a lot safer.
"Here's a terrifying thought — every Chrome extension you install has the potential of seeing all of the passwords for every website you visit," the ThreatLocker CEO exclusively tells GB News during a conversation in the hours before the biggest Zero Trust World conference to date kickstarts.
"One of the things that we do with our customers is tell them the Chrome extensions they have installed and all of the permissions they have. We don't say whether they're misusing this information."
Danny Jenkins, who started his career writing malware during his teenage years in the UK, now serves as chief executive of ThreatLocker — a security firm that over 50,000 organisations rely upon to stay safe
THREATLOCKER PRESS OFFICE
To illustrate his point, Danny Jenkins highlights a popular Google Chrome extension known as Coupert.
This popular application is available to download from the Chrome Web Store, the official marketplace for third-party extensions for the web browser, and boasts over 6 million users worldwide. Once installed, it searches for discount codes, cashback schemes, and other savings for the items in your basket when shopping online.
"Save your time and money when shopping online," the listing for the app promises.
When working with new customers to methodically go through every piece of software and Chrome browser extension installed to work out whether the risks are worth the reward... ThreatLocker often comes across single-use shopping apps like Coupert
GOOGLE CHROME WEB STORE
"We see Coupert a lot," Danny Jenkins continues. "Now, I'm not saying that Coupert is bad, but this is the question that we ask our customers — you have a coupon tool made in China that'll save you 20 cents on your next Amazon order ...and in exchange for that, it can see all of your passwords.
"Do you trust this company not to steal your data?
"Of course, the answer to that is a business decision. 'Is it worth me saving 20 cents to potentially give my passwords to China?'. For me? The answer is always 'no'."
While the "zero trust" approach is more common in businesses — ThreatLocker alone protects over 50,000 organisations worldwide — the same "trust nobody" way of thinking should apply to the millions of people who rely on applications, like Google Chrome, on their personal devices outside of work too.
Danny Jenkins continues: "The same question should be asked about Grammarly, which can see all of your passwords on every website that you go on. What is the risk versus the reward?
"Grammarly is a US company, pretty well respected, it'll help me deliver correct spellings and good content ...but is there a risk that someone working at Grammarly could steal my bank password? Yes.
"Do I think the business rewards outweigh the risk of them stealing my password? In many cases, the answer to that question will also be 'yes'. So that's the question you always have to ask — is the risk worth the reward? I think the coupon clipper from China is too risky for not enough reward."
LATEST DEVELOPMENTS
- Virgin Media users can claim £200 off their bills or a FREE 4K TV
- Best VPN deals
- Most complained-about UK broadband brands shamed in Ofcom report
- iPhone 16e announced with lower price and 'best battery life ever'
Danny tells me that he doesn't use Grammarly either. When I tell him that I'll be using the popular extension in my Google Chrome browser to put together an article about our conversation, he reminds me of the questions that we should all be asking ourselves before clicking Install on any new piece of software.
"If you're using it — I'd be asking yourself those questions. It's probably low risk, but what could they possibly get from my browser? Well, they could get my bank password, but can you steal my money with just my password? I have dual-factor authentication on my bank account, so probably not.
"You've just got to ask yourself those questions."
