Are browser extensions safe? – St. George Daily Spectrum

0
597

When you access a website on the internet, you generally use a tool called a browser (MS Edge, Google Chrome, Firefox, etc.).  These browsers use extensions, which is a small software module for customizing a web browser.  Browsers typically allow a variety of extensions, including user interfaces, cookie management, ad blocking, and custom scripting and styling of web pages.
While extensions are typically used to add features and enhance the functionality of a website, they can also be used to remove unwanted website elements such as pop-up ads and features such as auto-play for online videos.  For example, extensions are used to block ads on Web pages, translate text from one language to another, or add pages to a third-party bookmark service such as Evernote or Pocket.
The answer is both yes and no. It really depends on the type of extensions you are installing; the biggest security risk they pose is from permissions management.
The good news is that most modern web browsers have a permission system in place for extensions and some use very few permissions to perform their tasks. For instance, they may only execute when you click the extension itself or only run on specific websites.
The bad news is that most browser extensions have permission to run on every website and have full access to everything, which can eventually turn them into a security nightmare.
No hacking is needed for browser extensions. But hackers may not even need to spend any effort hacking into real humans’ devices. In some cases, unsuspecting humans voluntarily download browser extensions or mobile apps that are already laced with malicious code.
Yes, you can get viruses from Google Chrome extensions. Google is not effective at security, witness the 200+ million users that get viruses from apps on the Google Play Store every year.
Not only could a browser extension track every page you visit, download your passwords, and your personal information, but by downloading a dangerous extension, you could inadvertently download malware, adware, and trojan horse viruses.
Browser extensions add additional features or functionalities to a website. But they can also be tasked with removing unwanted options such as autoplay videos and other inconvenient features.
They are generally created by using known web-based technologies and languages such as HTML, CSS, and JavaScript. Some extensions come directly from the browsers like Google Chrome or Mozilla Firefox but the vast majority of extensions such as Evernote are created by third-party programmers.
Most browser extensions have partial or full access to everything you do online. This means they can track your browsing, capture your passwords, and even insert customized ads based on your browsing history.
However, browser extensions do not just get full access automatically, most of the time, we grant it to them knowingly or unknowingly. For example, if you ever pay attention while installing a browser extension in Chrome, you will see a message which will read something like: “Read and change all your data on the websites you visit.”
Most users tend to overlook such messages and install extensions anyway without understanding the implications.
Here are some privacy and security concerns that browser extensions can pose:
There is no guarantee that the safest browsers can protect your privacy when it comes to their browser extension offerings. In 2020, Google had to remove a total of 106 Chrome browser extensions from its Chrome Web Store in response to a report that they were being used to funnel sensitive user data.
Now that we know the dangers of browser extensions, you need to know how to mitigate them.
Avoid Using Too Many Extensions.  When it comes to browser extensions, less is always more so keep your list of extensions to a bare minimum.  Most web browsers come with customizable features and do not need additional extensions that were once popular, such as managing to-do lists or saving news articles for reading later. 
Since most good extensions eventually become a part of the browser itself, there is no need to add additional ones boasting the same features and expose yourself to the dangers of malicious extensions.
Install Extensions From Trusted Sources Only.  It is extremely important to only install extensions coming from popular sources such as the Chrome Web Store, MS Store, or Mozilla.  Avoid installing quick and seemingly easy extensions as there is no way to predict what type of data exploitation they might be conducting. Also, an extension created by a random stranger to customize popular services like Gmail or YouTube is a red flag and should be avoided as they can open doors for malware.
However, if an extension is coming directly from a reputable source like Google or Microsoft then it is worth a shot.  These are generally safe and not sold to third-party companies for malicious purposes.  To keep users safe, Google uses machine learning to detect and block malicious extensions whereas Mozilla conducts automated validation checks on its extensions. But again, always error on the side of caution, even with the popular browser providers.
Get Rid of Unused Extensions. If an extension has been sitting idle in your browser, then simply uninstall it.
Go through all of your browser extensions regularly and delete the ones that are no longer needed. This reduces the risk of security flaws that can be introduced through extensions especially the ones offered by third-party providers. 
By deleting unnecessary extensions, you also help your browser work better, routine cleaning of your browser is a great performance booster for your system.  Deleting browser extensions varies by browser.
It is no wonder that browser extensions play an important role in our browsing worlds.  While not every browser extension is dangerous, it is up to us to be diligent and determine the legitimacy of an extension before installing it. A good way to achieve that is by researching the extension’s publisher and their history beforehand.
Always remember to use the browser extensions sparingly and stay alert regarding the ones that you have already installed.
Microsoft’s new Chromium-based Edge browser is now the current default,  and since the new browser was built with Chromium code, it supports the same extensions you are using with Google Chrome.
Stay protected!
George Cox is the owner of Computer Diagnostics and Repair (CDAR).  He can be reached at 346-4217.

source