A Closer Look on Browser Extensions and How They Can be A Threat

The phrase “Google It” has become part of the language, demonstrating just how dependent we are becoming on using browsers to find out things and communicate with each other. We tend to be a bit complacent about Online Security if we are only browsing, and not using financial sites or downloading material. After all, don’t most browsers tell you if a website is a bit dodgy?

That’s ignoring the browser extensions working away in the background.

A vanilla browser is fine, but an industry has built up around browser extensions that ease some common tasks associated with browser use. Examples include bookmark management, password vaults, and assistance with searching.

Popular browsers

As with most things, the bad comes with the good. Some browser extensions are not what they seem. In addition to the advertised function, they carry out other tasks in the background, sometimes ok, but sometimes malware-related without the user’s knowledge and certainly without their permission. Sometimes they inundate you with advertising. Hence the need to be more vigilant around Online Security.

Browser Extensions often have access to all your online activity. As a result, they can record your login and financial credentials and track your manoeuvering around the Net.  By having that tracking information, they can insert “relevant” advertisements into the webpages you go to. If they have access to your financial information that is a very serious risk indeed.

They typically access your browsing history and can alter some browser settings. There have also been reports of their changing website content and adding and modifying user interfaces. The real nasties install themselves without letting the user know and make it very difficult to remove them later.

Extensions have access

They may have access to your email and contact information, and send spam messages to all your contacts. Do you wonder sometimes why you have started receiving a lot more spam recently?

They may have access to your Facebook or LinkedIn credentials and post spam to your friends and groups allegedly from you.

Another consideration is that of online privacy. Many sites use the so-called tracking cookies, and some sites, Google and Facebook, for example, record the sites you visit and what you do when you visit them.

They claim that they use the information only to be able to provide you with advertising that more closely reflects your interests. However, it is generally accepted that tracking information is sold, and often sold to shady organisations. Extensions can be hijacked, so one that you consider safe becomes a malware carrier after an update.

Browser extension

Another issue is the transfer of an extension to a new owner/developer. It sometimes happens that the developer of an extension wants to cash in on the success of their extension, so they sell it to another organisation. The new owners update the extension to display advertisements and start tracking usage. You are only aware of this when the new version is downloaded as an update.

This can be a very subjective area, relating to individual perceptions of privacy and what is, and what isn’t acceptable. What cannot be disputed however is that the amount of individual personal information gathered and sold is increasing at a great rate.

Users must consider Online Security before adding browser extensions.

Minimising Risks

Minimising Risk

  • You should take a look at the browser extensions you have installed from time to time, and remove any that you no longer use. Check that the extensions you want to keep haven’t been sold on.
  • Trust. Use only extensions from people you trust. An extension for Google or Microsoft is almost certainly ok. One from an anonymous developer might be ok but is more likely not to be. Don’t assume that an extension from a store is ok. Apple dropped 300 that they consider dodgy.
  • Permissions. The installation process often asks for permission to do certain things, for example modifying website content. Study the request carefully and if there is anything there you think is not needed, don’t install the extension. That is also even truer if an upgrade asks for additional permissions.
  • Do the review regularly. Updates and modifications may change an extensions behaviour and make it more likely to record tracking information or carry malware.

Browser extensions can be a real boon, but you need to be careful and watchful.

Leave a Reply

Your email address will not be published. Required fields are marked *