Why you should be suspicious of web browser extensions

An illustration of a laptop with a web browser open loading content, with a red triangle containing an exclamation point at the upper right corner of the screen.Many of us rely on one or more browser extensions to make our lives easier. They can help you manage your passwords, block ads, translate text, manage tasks and more. However, as convenient and useful as they might seem, these add-ons aren’t always harmless and can be a “privacy nightmare,” as one How-To Geek article states.

What is a browser extension?

In a nutshell, a web browser extension is software that adds supplemental features or functionalities to whichever browser you’re utilizing, according to the Berkeley Information Security Office. Extensions got their start in 1999 with “Explorer Bars” in Internet Explorer, according to the How-To Geek article “What Is a Browser Extension?” Firefox, Opera, Chrome and Safari enabled extensions in the 2000s. Today, you’ll find thousands available for the main web browsers.

Why are web browser extensions a potential cybersecurity risk?

Extensions commonly have extensive access to every site you visit and can subsequently harvest tons of data, How-To Geek explains. That includes any passwords or information you type into online accounts and forms in addition to your browsing habits. While extensions aren’t guaranteed to lead to security issues, their data collection capabilities mean you should be incredibly cautious about installing them.

Here are just a few examples of security incidents stemming from extensions:

    • In 2017, the developer of the Web Developer extension for Chrome took the bait in a phishing scam, and the hacker uploaded a malicious version of the software that displayed more ads on websites, according to How-To Geek. Because Chrome automatically updates installed extensions, what you thought was a safe extension can get replaced by infected software in scenarios like this.
    • More than 80 million users fell for fake Chrome ad blocker extensions that inserted ads into Google search results, according to an August 2020 blog post from AdGuard.
    • Millions of people had their browsing history harvested and exposed because of the DataSpii privacy problem with Chrome and Firefox browser extensions, according to Ars Technica.

This is far from an exhaustive list. Overall, extensions have enormous potential to spy on you, insert ads or carry out even more nefarious actions.

How to make sure your browser extensions are safe

You can take the following steps to minimize your chances of experiencing security issues related to web browser extensions, according to Berkeley, How-To Geek, and KrebsonSecurity.

    • Do your research before installing an extension. Is it from an established and trusted developer? Be sure to check out the reviews as well.
    • Utilize as few extensions as possible. Don’t leave anything you no longer use or need installed.
    • Review the permissions for your extensions carefully and uninstall any that suddenly ask for more access for no good reason.
    • Never install an extension solely to view content on one specific website.

An image of a blank browser window containing the following quote from Brian Krebs: "Given the high stakes that typically come with installing an extension, consider carefully whether having the extension is truly worth it."

Ultimately, the best way to avoid a security snafu stemming from a browser extension is to rely on this type of software as little as possible and to be incredibly cautious when you do so.

If you’d like to learn more about minimizing your cybersecurity risk level, our advisors can refer you to leading security solution suppliers in our partner network. For details, please give us a call at 877-599-3999 or email sales@stratospherenetworks.com.

Contact Us

We will handle your contact details in line with our Privacy Policy. If you prefer not to receive marketing emails from Stratosphere Networks, you can optout of all marketing communications or customize your preferences here.