What Risks Are Involved With Browser Extensions?

| Posted on |

What Risks Are Involved With Browser Extensions?

Browsers are the main portal through which we see the online world. Without them, the internet wouldn’t function, and neither would many cloud applications

To add more capabilities to a browser, such as a theme or an ad blocker, developers create browser extensions. These are add-ons that install into the browser. They’re not usually provided by the browser maker, but instead are often created by third parties.

While certain extensions can be helpful, there is also a risk involved with adding browser extensions. The risks can often outweigh the benefits and could result in a privacy breach of your information, a ransomware infection, or some other type of data compromise.

In 2020, researchers found that 500 malicious Chrome extensions were secretly collecting the data of users and also redirecting them to dangerous websites. 

In this article, we’ll go through the security risks involved with browser extensions, how you can tell what extensions you have (and remove them), and what to watch out for when you want to add a new extension.

Security Risks (What Can They See & Do?)

They Monitor Your Browsing & Site Visit History

Extensions are plugins that attach to your browser, and this allows them to see just about everything you do online. They can monitor your browsing history, the sites you visit, and could even include keylogging.

There is a lot of data that an extension could have access to, basically, anything you do in your browser (including online shopping and inputting credit cards). While legitimate developers will have privacy controls in place to keep your data secure, you can’t count on every extension developer playing by the rules of data protection.

Data Harvesting

There’s a saying about online tools, “If you’re not paying anything for it, then you’re the product being sold.” Data harvesting is big business and apps and extensions that collect a lot of user behavior that advertisers can leverage can make millions of dollars.

It’s important to be aware that any extensions you use could be selling your data to anyone, and that data is likely for sale to more than one party.

Behavioral Analysis

Some browser extensions aren’t just looking at where you go online, they’re looking at how you browse and your overall user behavior on a page.

What you click on, hover over, and take some type of action on is all information that can be sold to advertisers to better target you. For example, they see that you seem to react to a certain call to action message, so you’re served up more of those on connected advertiser sites.

How to See What Browser Extensions You Have Installed

Sometimes users can click and install an extension without even realizing it. They see an ad for a new “dark theme” for their home page, and don’t know that this is actually installing a browser extension that could be collecting and sharing their data.

Here’s how to see what browser extensions you have and how to delete them in the four most popular internet browsers:

Chrome

  • Open Chrome.
  • Choose the three dots at the top right and go to More tools > Extensions
  • This will display the extensions you have.
  • Click the button to remove one.

Safari

  • Open Safari.
  • Choose Safari > Preferences.
  • Click Extensions.
  • To uninstall an extension, select it and click the Uninstall button.

Edge

  • Open Edge.
  • Click the three dots and choose Extensions.
  • Click “Remove” to delete the extension.

Firefox

  • Open Firefox.
  • Click the menu button (the three lines).
  • Click Add-ons and Themes.
  • Select Extensions.
  • To remove, click the three-dots icon and choose Remove.

What to Watch Out for When Choosing an Extension

Here are some things you should watch out for when adding extensions to your web browser.

Bad Reviews

Take the time to look at reviews for the extension, and not only on the extension’s website. Often users will warn others of a bad experience, so this can be the fastest way to avoid a dangerous extension.

Check the Last Updated Date

If an extension hasn’t been updated for a year, there’s a pretty good chance that it has poor security, and the developer may have just abandoned it.

You want to look for more recent “last updated” dates, which are an indicator that the app is being actively supported.

Only Use Extensions from Official Repositories

Just like you should only download mobile apps from the official app stores, the same is true for browser extensions. Only use those that are in an official repository, such as the Chrome Webstore, Microsoft Edge Add-ons page, etc.

Are Your Business PC’s Protected from Malicious Websites?

Bad browser extensions can take users to phishing sites that download malware. C Solutions can help your Orlando area business protect against those sites by adding smart web filtering and other phishing safeguards.

Schedule a free consultation today! Call 407-536-8381 or reach us online.