Are your browser extensions safe?

Are your browser extensions safe?

Browser extensions are small application modules that you can install to customize or improve the functionality of web browsers like Mozilla, Chrome, and Opera. There is an extension for practically any purpose today, whether it’s taking full-page screenshots, blocking annoying ads, checking grammar and spelling, or collecting website analytics, among others. Versatile, convenient, and intuitive, extensions improve the browsing experience for users.

This doesn’t mean you should install just about any browser extension you come across. Not all extensions are created equal and installing some may even result in a cyber incident. In 2020, for instance, cybersecurity provider Kaspersky revealed how cybercriminals hijacked unsuspecting users’ Chrome browsers using popular extensions like SaveFrom and FrigateCDN.

Not all extensions are created equal and installing some may even result in a cyber incident.

How do you avoid dangerous browser extensions?

The quick answer is to download extensions only from legitimate sources, such as the Chrome Web Store and Firefox Browser Add-Ons site. Extensions listed on these websites are regularly reviewed by the browsers’ developers to minimize the risk that the extensions that you install will pose a threat.

The review process, however, is not perfect and a few malicious extensions do end up being listed anyway. Some extensions may also contain previously unknown flaws in their code, which cybercriminals may exploit to turn once-harmless software into a cybersecurity risk. In fact, the extensions that Kaspersky flagged as vulnerable were legitimate ones with millions of users. This only proves how important it is to carefully examine all extensions before installing them, even when they’re listed on reliable websites.

How do you know a browser extension is safe to install?

Looking at the following can help you determine whether it’s safe to use an extension:

Listing

Read the extension’s description to get an idea of how the app works. Note that although some descriptions may have grammatical and spelling errors, this doesn’t necessarily mean the extension itself is problematic, but that the developers probably aren’t native English speakers. Instead, look for inconsistent descriptions and screenshots as these could indicate hidden functionalities and other potential issues.

Developer

Most extension descriptions provide the developers’ contact information or the links to their website. Those that don’t have these usually provide an FAQ about their software. These give you more information about both the developers and their products and are a sign that the extension is reliable.

Reviews

If the extension has been around for some time, its listing should have reviews from other users that talk about its trustworthiness, functions, and flaws. But reviews may not always be true or reliable. If you want to know whether reviews are fake, watch out for these red flags:

  • The reviews are all five stars.
  • Many are posted on the same dates.
  • The reviewers have usernames made up of random letter-number combinations.
  • The reviews look similar to each other.
  • There are only a few reviews or the reviews are all recent.

Privacy policy

Most concerns regarding the safety of extensions have to do with how these applications handle the data they collect from users. Take the time to go over an extension’s privacy policy. As it’s usually a long document, use Ctrl + F in Windows or Command + F in Mac to search for words like “data,” “track,” “personal,” or “collect,” among others. These words are usually found in statements relating to what type of data the extension collects about you. If you’re uncomfortable with the information being gathered, then you should avoid the extension.

Permissions

An extension that requires access to data and functionalities that are unnecessary for it to function as described in its listing could be trouble. For example, an extension that changes your browser’s theme or other visual components shouldn’t need to “Communicate with cooperating websites.” This kind of permission allows the extension to gather your information and send it to another website, which could lead to data theft.

If you want to protect your data, you should install extensions with care. Unfortunately, cybercriminals are finding new ways to make malicious extensions appear trustworthy or exploit legitimate ones for illicit purposes.

A good rule of thumb is to not install extensions in your browser unless you know that the extension is safe and is absolutely necessary. If in doubt, don’t install the extension!

Our cybersecurity experts at Fidelis can assist you if you have questions or want to review extensions that you have installed. We stay updated on the latest cyberthreats, so we can help you identify which extensions you may want to avoid and which ones can benefit your business. Better yet, we’ll also work with you in implementing measures to maximize your company’s cybersecurity posture.

Learn what mistakes can make your business more susceptible to cyberattacks by downloading this free eBook today.


For many businesses, complying with the GDPR’s specific data security and privacy requirements may sound daunting, but it doesn’t have to be. Our eBook Navigating the Data Privacy Labyrinth: A Guide to GDPR Compliance can simplify your compliance journey.GRAB YOUR FREE EBOOK HERE!