What You Need to Know About Browser Extension Risks
With “Googling it” now a common expression, it’s safe to say you do a lot online. To do it all you’re using a Web browser (such as Chrome, Edge, Firefox, etc.). To do it all more efficiently or effectively, you could be using browser extensions, but this article is going to warn you against doing so.
To clarify, browser extensions are code add-ons that you connect to your browser. You can use them to personalize your surfing experience, and they accomplish many different things, including:
- saving time (e.g. Scribe, Evernote, StayFocusd);
- checking your grammar (e.g. Grammarly);
- managing your passwords (e.g. Keeper, LastPass);
- securing your online activity (e.g. DuckDuckGo, Ghostery)
Even though we’ve just said they can help secure your online activity and manage your passwords, the problem is that they are also risky.
Consider the fact that we said this represents added code. Now, how much coding do you know? Most will say “not a lot.” That means you’re blindly trusting that browser extension.
If you download a malicious one, that code can wreak havoc. Suddenly, your default search engine gets changed, or you get redirected to a start page with malware on it. You might face an onslaught of pop-ups or ads. They can also track your browsing history without you knowing it.
That’s just the beginning
Many browsers today want to keep you safe from malevolent extensions. They’ll have permissions in place before allowing access. Yet you still end up giving that extension a lot of access. For example, an extension modifying google.com needs access to all your Google activity. That means your Gmail, too.
Browser extensions access everything you’re doing online. So, a malicious extension could also function as a keylogger capturing passwords or credit card details.
A browser extension can also be sold to or hijacked by a bad actor. Then, it’s easy enough for them to push out an update that turns your trusted extension into malware.
What to do about this issue
Does this mean you should do without browser extensions? There are even browser extensions out there to block other browser extensions, but abstinence from extensions is not your only solution.
Instead, we’d recommend reviewing the safety and credibility of that extension. This means you should:
- Check to see who published the extension.
- Look at the reviews. A high number of positive reviews is a good sign. Thousands of people are unlikely to give five stars to a malicious extension.
- Pay attention to the permissions required. If an extension claims to modify only one website, check that it accesses that site only.
- Protect yourself with a good antivirus solution.
- Keep your antivirus solution and other software updated.
It’s also easier to stay safe by limiting the number of installed extensions you use. If you have browser extensions that you aren’t using, uninstall them. This can cut your exposure to potential threats.
Another way to secure your online activity? Work with our IT experts. We can check permissions and review your extensions. We’ll also ensure your antivirus and software are up to date. Contact us today at (416) 645-2469 or (905) 667-0441 or email us.
Want to be notified when our next blog is posted, sign up here.