Browser Extensions: Are They Safe?

Most of us know what a web browser is. If anyone does not know, the browser is the program we use to log on to the Internet (the most popular browsers are MS Edge, Google Chrome, Firefox, etc.) Browsers use extensions – special small software modules that configure them. Typically, extensions allow you to extend browser functionality or add features such as ad-blocking, page styling, custom script, or cookie management.

The extensions were originally conceived1 as tools for more convenient interaction with sites. For example, they can remove undesirable elements on the site, such as advertising, or disable autoplay videos. They can also allow you to download videos from sites where this function is not provided, translate the text into another language, check the text for errors, add additional panels bookmarks to the browser, etc.

Can Browser Extensions Hack You?

Are browser extensions safe? – you might ask. Well, yes. But actually, no. It depends on the type of extension and the permissions granted to it. The main danger is the extensions that have more permissions.

On the one hand, most extensions do not require many permissions to perform their tasks, and browsers will learn to control these permissions. For example, some can only work on specific sites, and some need a click on the extension to run.

Malicious add-ons stats
Statistics of malicious/unwanted add-ons, according to our own data

On the other hand, the problem is that most extensions do have permission to work on all sites and full access to everything, which can cause serious security problems.

If cybercriminals need to hack someone, they can use a browser extension to fulfill some of their goals. Usually, the victims, without suspecting, download extensions for browsers or mobile applications that already contain malicious code.

How do browser extensions work?

Browser extension installation popup
Malicious browser extension tries to install.

Extensions bring additional features to the site, such as extended menus. They also disable video playback or hide unnecessary elements on the site. In some browsers, they are also called add-ons or plug-ins.

They are created mainly using languages such as HTML, CSS, and JavaScript and provided to the user as an archive, which is downloaded from the official store and installed in a single click. Some extensions were created directly by web browser developers, and third-party developers created some.

Since most extensions have partial or full access to everything you do online, they can track your browsing, capture passwords, and customize advertising based on your story.

Secure and not secure connections

However, extensions do not always gain full access themselves, and sometimes the user knowingly or unknowingly provides it. For example, if you read carefully everything they write when installing an extension, you will probably see something like “read and modify all data on visited websites.”

Most of us do not think about such messages and install extensions without considering the possible consequences.

What threats can browser extensions pose?

Below are some privacy and security issues that extensions may cause.

  • They can be potential keyloggers. It means that they can record all in-browser keystrokes. Any text you enter from the keyboard can be intercepted. Yes, logins, passwords, and other confidential data such as credit card details are all in jeopardy. The leakage of such information could have unfortunate consequences.

  • Malicious extensions can redirect traffic elsewhere.

  • Dangerous extensions can even download malware (adware, for example.)

  • Some extensions may collect browsing history and pass it to advertisers or third parties.

  • Most extensions can be automatically updated. If the official extension was hijacked and then updated on the device, you might not know.

Browser extensions are the way of possible fraud

Unfortunately, even official extension stores cannot guarantee complete security when using extensions, although they continue to struggle with this problem. Thus, in 2020 alone, Google removed 106 extensions from the store because they could steal users’ confidential data.

How to minimize the risks of using extensions

Now we know what dangers browser extensions can carry. Here are some tips that will help us minimize all risks.

  1. Try not to install many extensions. Too many installed extensions can carry a potential danger and greatly slow down the browser operation and opening sites. In addition, some extensions may conflict with each other. Modern browsers have most of the necessary features you can easily use without extra extensions, such as saving articles for later reading or case lists.
  2. Sometimes after a browser update, proper functionality of extensions is added to the browser itself so that the need for such extensions disappears by itself. In this case, it would be more appropriate to delete such an extension in order not to clutter up the browser and avoid the potential danger of a malicious plugin.
  3. Try to install extensions exclusively from official stores such as the Chrome Web Store, Mozilla, or MS Store. Do not install extensions from unreliable sources. For example, if you find an add-on on an unknown site to customize popular services like YouTube or Gmail, do not install such an extension. You have no way to verify what it is and what functions it performs. Alternatively, try to find this extension in the official store. If it is not there, take it as a clear hint that the add-on may be potentially dangerous.
  4. Check the developer of the extension. Serious developers (e.g., Google or Microsoft) always care about the security of their products. As a result, their extensions are usually safe and do not leak data to third parties. Google also uses machine learning that helps block malicious extensions and protect users, while Mozilla conducts automated validation checks on Firefox plugins. But even so, you should always be careful when installing extensions, even from trusted developers.
  5. Remove unused extensions. If you have an extension you haven’t used in a long time, uninstall it.
  6. Periodically look at the list of installed extensions and remove those you do not use. Especially pay attention to extensions from third-party developers and those that have not been updated for a long time.

This way, you will speed up your browser. If you install many extensions, periodic cleaning will help maintain your browser’s high performance.

Does Microsoft Edge support Chrome extensions?

Microsoft Edge is built on Chromium, and it supports all extensions that Chrome supports. If you need to work in Edge, you can install all the extensions you have in your Chrome browser thereon.

Be safe!

  1. You can read an exhaustive article on browser extensions on Wikipedia.

By Polina Lisovskaya

I have been working as a marketing manager for many years and I like to look for interesting topics for you

View all of Polina Lisovskaya's posts.

Leave a comment

Your email address will not be published.