Web browsers such as Google Chrome, Firefox, Safari and Edge, among others, play an essential role in enabling access to websites on the internet. Most browsers allow users to install extensions, also referred to as add-ons or plug-ins. These extensions are applications or small software modules that add functionality and other useful features to a browser.
By means of the extensions, users can carry out various tasks such as password management, cookie management, ad blocking, interface modification, productivity tracking, grammar and spell-checking, etc.
However, although the extensions offer different useful functionalities, cybercriminals have taken advantage of them, creating a security risk to users and their data.
The Need to Beware of Browser Extensions
Browsers enable websites to collect information such as viewing history, adding cookies, etc. Also, when installing the extensions, some require to be allowed various permissions, like the ability to read or change data. For instance, according to a recent study by Talon, a digital security company, most Chrome Web Store extensions (62.43 percent of extensions) require dangerous permissions, including permission to read or change user data and activity. This means that an extension can see the sites visited, keystrokes, login credentials and private data, such as payment card details.
Since this information is readily available on a user’s web browser, cybercriminals can use a malicious extension to collect the data for their gain. At the same time, the data collected is sold without user consent or knowledge and used by third-party data brokers to send users tailor-made ads.
Although not all browser extensions are a security risk, some might be built to impersonate legitimate extensions, especially those from third-party resources. In other cases, legitimate extensions have been compromised or bought by a developer who uses them for malicious purposes.
Some browser add-ons are built to download malware onto your device, redirect search traffic to malicious websites or download ad ware and Trojan horse viruses.
The extensions can automatically update without requiring any action from a user. This means that if a legitimate extension is compromised, it can be used to install malware without user knowledge. Even secure extensions are prone to attacks or can be compromised, enabling attackers to gain access to data stored by browsers.
Additionally, malicious extensions can be built to bypass fraud detection by official Web stores. For instance, in 2020, Google removed over 500 extensions from its web store that violated policies, with some already having infected users and stolen their data. This followed the discovery of some malicious extensions that users had already downloaded.
A recent report released by Kaspersky, a cybersecurity firm, shows just how dangerous malicious add-ons are. After the firm analyzed data from January 2020 to June 2022, it discovered that over this time frame, 4.3 million users were attacked by adware hiding in browser extensions. This put adware as the highest representative of browser extension risks, with malware coming second. The report also indicates that Kaspersky products prevented more than 6 million users from downloading adware, malware or riskware disguised as browser extensions.
Such figures from just one cybersecurity firm are worrying, considering the study focused only on users that use their security solutions. This creates a need for users to be more vigilant when using browser extensions.
How to Make Sure Browser Extensions Are Safe
There are various ways to help reduce the risks posed by browser extensions:
- Ensure the extension is from an official web store. Since these extensions can also be compromised, it is best to find out more information about the developer.
- Check reviews as they help to know what other users think of the extension and if there have been any complaints. However, users should be cautious of identical comments or too many 5-star reviews, as these could be fake.
- Check whether the extension is updated regularly. An extension last updated many years ago might not be reliable.
- Review extension permissions for each extension.
- Check that you are not installing clones of the original extension. For instance, if you search for an extension, you can find other similar ones that look legit.
- Uninstall browser extensions that you don’t recognize or those you no longer need.
- Use browsers that have the features you want.
- Install reliable antivirus software that will help spot malicious activities or applications.
Conclusion
Browser extensions play an important role in the user browsing experience. Although not all extensions are dangerous, users must conduct due diligence to ensure they install legitimate extensions.
48 Comments
Rusty Mandelberg · January 31, 2024 at 8:44 am
Outstanding feature
Scottie Uzzell · February 6, 2024 at 12:27 pm
great article
Mqsugy · March 12, 2024 at 6:54 pm
order lipitor 10mg online atorvastatin 40mg cost buy lipitor sale
Wozvah · March 15, 2024 at 12:07 am
order cipro 500mg online – ethambutol 600mg usa augmentin order online
Ueeszg · March 15, 2024 at 5:45 pm
order ciprofloxacin 1000mg – buy cephalexin without prescription buy augmentin 375mg pill
Mwggdc · March 18, 2024 at 8:46 am
ciprofloxacin us – cheap chloromycetin buy erythromycin 500mg online
Qlhgko · March 18, 2024 at 1:36 pm
cost metronidazole – cleocin online buy zithromax 500mg tablet
Qswtnw · March 20, 2024 at 12:13 pm
ivermectin 6 mg without prescription – buy sumycin generic sumycin where to buy
Lvlzqr · March 20, 2024 at 7:22 pm
buy valtrex 1000mg generic – order diltiazem online cheap order zovirax 800mg online cheap
Idasvo · March 22, 2024 at 12:24 pm
buy flagyl generic – amoxicillin where to buy zithromax for sale online
Okieho · March 22, 2024 at 2:51 pm
buy ampicillin paypal buy ampicillin buy amoxicillin
Bnctdt · March 24, 2024 at 10:13 am
order lasix 100mg pills – candesartan buy online order capoten online cheap
Zdvygg · March 26, 2024 at 7:57 am
cost metformin 1000mg – buy cipro pills for sale lincocin online buy
Ofjzji · March 28, 2024 at 1:48 am
retrovir 300 mg usa – buy zyloprim 300mg
Nrdgjp · March 28, 2024 at 6:09 pm
clozapine 100mg over the counter – order accupril 10mg famotidine price
Dhyfhf · March 30, 2024 at 10:16 pm
seroquel 100mg usa – buy generic ziprasidone order eskalith sale
Fqjmqs · March 31, 2024 at 12:30 pm
buy generic anafranil – anafranil medication cost sinequan 25mg
Ffsdfk · April 1, 2024 at 4:28 pm
purchase atarax pills – purchase buspirone for sale order endep 10mg without prescription
Iykpru · April 4, 2024 at 2:24 pm
augmentin 625mg over the counter – myambutol cheap buy ciprofloxacin generic
Uyenct · April 5, 2024 at 8:36 am
order amoxil – brand cephalexin 250mg ciprofloxacin online buy
WiÄ™cej informacji · April 5, 2024 at 12:34 pm
Excellent write-up
WiÄ™cej szczegółów · April 6, 2024 at 12:16 am
Outstanding feature
vpn coupon code 2024 · April 10, 2024 at 2:55 am
I know this website offers quality based content and additional data, is there any
other website which presents such stuff in quality?
My web-site vpn coupon code 2024
Dycgtp · April 10, 2024 at 2:11 pm
order zithromax 250mg online cheap – buy sumycin 250mg sale order ciprofloxacin online
Nkujku · April 10, 2024 at 9:50 pm
buy cleocin no prescription – cefpodoxime usa buy chloromycetin online cheap
Csxyhs · April 13, 2024 at 7:12 am
purchase stromectol – order generic aczone buy cefaclor cheap
Wmnduc · April 14, 2024 at 11:54 am
ventolin 4mg price – seroflo online order theo-24 Cr online order
Vicgxo · April 16, 2024 at 8:22 am
buy depo-medrol without a prescription – how to get azelastine without a prescription azelastine order online
Xhjhyh · April 18, 2024 at 6:30 pm
buy generic glyburide – order glyburide 2.5mg without prescription buy dapagliflozin generic
Obixfq · April 20, 2024 at 12:06 pm
metformin 1000mg over the counter – losartan 25mg generic purchase acarbose online
Wtvili · April 20, 2024 at 11:39 pm
purchase prandin generic – where can i buy jardiance order empagliflozin 25mg without prescription
Lqujwg · April 23, 2024 at 10:54 am
purchase semaglutide without prescription – buy generic rybelsus desmopressin sale
Tiyxlt · April 23, 2024 at 1:55 pm
order terbinafine 250mg for sale – fulvicin drug griseofulvin pills
Uchocv · April 25, 2024 at 5:50 pm
buy ketoconazole – purchase ketoconazole itraconazole 100mg cost
Tevqky · April 26, 2024 at 12:43 pm
order famciclovir 250mg without prescription – zovirax 400mg usa buy generic valcivir
Fjuoiu · April 27, 2024 at 8:44 pm
order lanoxin without prescription – order verapamil 120mg online cheap purchase lasix pills
Txjjpb · April 29, 2024 at 4:15 pm
buy lopressor 50mg pills – inderal online order cost nifedipine 10mg
Dlfytw · April 29, 2024 at 10:15 pm
buy microzide without a prescription – hydrochlorothiazide tablet bisoprolol pill
Rihkcj · May 1, 2024 at 9:55 pm
buy nitroglycerin pills – valsartan 80mg for sale cheap diovan 160mg
Fijbsp · May 4, 2024 at 12:59 pm
rosuvastatin pills pierce – ezetimibe buy stomach caduet good
Lhrwjn · May 4, 2024 at 1:09 pm
simvastatin tread – gemfibrozil smell atorvastatin capital
Wqyszc · May 6, 2024 at 6:39 pm
viagra professional shadowy – kamagra happy levitra oral jelly online brandy
Wnyfkm · May 7, 2024 at 3:40 pm
priligy leave – priligy thump cialis with dapoxetine each
Ikbwql · May 9, 2024 at 10:10 am
cenforce spray – cheap tadalafil brand viagra pills pattern
Mgficr · May 10, 2024 at 7:33 am
brand cialis noble – forzest test penisole those
Wspiai · May 12, 2024 at 5:46 pm
brand cialis mill – zhewitra yeah penisole march
Pzggdp · May 12, 2024 at 8:05 pm
cialis soft tabs pills occasion – cialis super active peak1 viagra oral jelly online argue
Sjaxte · May 15, 2024 at 3:19 pm
cialis soft tabs pills nature – cialis soft tabs friendship viagra oral jelly rule