Web browsers such as Google Chrome, Firefox, Safari and Edge, among others, play an essential role in enabling access to websites on the internet. Most browsers allow users to install extensions, also referred to as add-ons or plug-ins. These extensions are applications or small software modules that add functionality and other useful features to a browser.
By means of the extensions, users can carry out various tasks such as password management, cookie management, ad blocking, interface modification, productivity tracking, grammar and spell-checking, etc.
However, although the extensions offer different useful functionalities, cybercriminals have taken advantage of them, creating a security risk to users and their data.
The Need to Beware of Browser Extensions
Browsers enable websites to collect information such as viewing history, adding cookies, etc. Also, when installing the extensions, some require to be allowed various permissions, like the ability to read or change data. For instance, according to a recent study by Talon, a digital security company, most Chrome Web Store extensions (62.43 percent of extensions) require dangerous permissions, including permission to read or change user data and activity. This means that an extension can see the sites visited, keystrokes, login credentials and private data, such as payment card details.
Since this information is readily available on a user’s web browser, cybercriminals can use a malicious extension to collect the data for their gain. At the same time, the data collected is sold without user consent or knowledge and used by third-party data brokers to send users tailor-made ads.
Although not all browser extensions are a security risk, some might be built to impersonate legitimate extensions, especially those from third-party resources. In other cases, legitimate extensions have been compromised or bought by a developer who uses them for malicious purposes.
Some browser add-ons are built to download malware onto your device, redirect search traffic to malicious websites or download ad ware and Trojan horse viruses.
The extensions can automatically update without requiring any action from a user. This means that if a legitimate extension is compromised, it can be used to install malware without user knowledge. Even secure extensions are prone to attacks or can be compromised, enabling attackers to gain access to data stored by browsers.
Additionally, malicious extensions can be built to bypass fraud detection by official Web stores. For instance, in 2020, Google removed over 500 extensions from its web store that violated policies, with some already having infected users and stolen their data. This followed the discovery of some malicious extensions that users had already downloaded.
A recent report released by Kaspersky, a cybersecurity firm, shows just how dangerous malicious add-ons are. After the firm analyzed data from January 2020 to June 2022, it discovered that over this time frame, 4.3 million users were attacked by adware hiding in browser extensions. This put adware as the highest representative of browser extension risks, with malware coming second. The report also indicates that Kaspersky products prevented more than 6 million users from downloading adware, malware or riskware disguised as browser extensions.
Such figures from just one cybersecurity firm are worrying, considering the study focused only on users that use their security solutions. This creates a need for users to be more vigilant when using browser extensions.
How to Make Sure Browser Extensions Are Safe
There are various ways to help reduce the risks posed by browser extensions:
Browser extensions play an important role in the user browsing experience. Although not all extensions are dangerous, users must conduct due diligence to ensure they install legitimate extensions.