Most times, we rely on browser extensions to enhance our online experience, be it tracking an online order, translating web pages, or even blocking ads and so on. These plugins to our browser come in handy, but they can also be really dangerous.
In December 2020, as many as 3 million people were infected by Chrome and Edge browser extensions that stole personal data and redirected users to ad or phishing sites. Researchers from Prague-based Avast said they found 28 extensions for the Google Chrome and Microsoft Edge browsers that contained malware.
Also known as plug-in or add-on, extensions are a separate type of installable computer software that adds new functions to a host program without altering the host program itself. They are widely used in digital audio, video, and web browsing and some examples include AdBlock which enables content filtering and ad blocking, HTTPS Everywhere, which provides another layer of security by making websites that support the extension automatically connect through HTTPS; StayFocusd which limits the amount of time the user is allowed to spend on designated websites; Highly which allows the user to highlight webpage text and share it through social media, email, Slack or iMessage; and InVid verifier which enables users verify manipulated or faked images and videos.
Despite the terms being synonymously applied, some tech viewpoints explain that there’s a slight difference between browser extensions and plugins. While plugins add functionality and extra features to a particular webpage, extensions add functionality and features to the whole browser and change the behavior of the browser.
What Can Go Wrong With Extensions?
- They can be malicious: This happens mostly with extensions that come from third party websites but sometimes they sneak into official markets as well. For example, security researchers recently uncovered four extensions in the Google Chrome Web Store that posed as innocuous sticky notes apps but in fact were caught generating profits for their creators by secretly clicking on pay-per-click ads.
- Hijacking and buying extensions: Browser extensions are an interesting target for crooks, because a lot of extensions have massive user bases. And they are updated automatically, which means that if a user had downloaded an innocuous extension, it can be updated to become malicious; that update would be pushed to the user right away — and the user won’t notice anything at all.
- They are not malicious, but can be dangerous: Even extensions that are not malicious can be dangerous. The danger arises because most extensions have the ability to collect a lot of data about users and these are in turn sold out to third parties by some developers.
Using Browser Extensions Safely
Surely, extensions are very useful to our online experience which most times enhance our work’s efficiency and effectiveness. Here are some tips to help us use extensions safely without falling victim to any of the threats they pose:
Don’t install too many extensions: Not only do they affect computer performance, but they are also a potential attack vector, so narrow their number to just a few of the most useful.
Install extensions only from official Web stores: There, they undergo at least some scrutiny, with security specialists filtering out those that are malicious from head to toe.
Pay attention to the permissions that extensions require: If an extension already installed on your computer requests a new permission, that should immediately raise flags; something is probably going on. That extension might’ve been hijacked or sold. And before installing any extension, it’s always a good idea to look at the permissions it requires and think about whether they match the functionality of the app.
The researcher produced this media literacy article per the Dubawa 2021 Kwame Kari Kari Fellowship partnership with PRNigeria to facilitate the ethos of “truth” in journalism and enhance media literacy in the country.