{"id":12750,"date":"2018-01-30T09:00:01","date_gmt":"2018-01-30T14:00:01","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/?p=12750"},"modified":"2020-02-26T15:12:23","modified_gmt":"2020-02-26T15:12:23","slug":"browser-extensions-security","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/browser-extensions-security\/12750\/","title":{"rendered":"Why you should be careful with browser extensions"},"content":{"rendered":"

You are probably familiar with browser extensions, which most of us use on a daily basis. They add a lot of useful features to browsers, but at the same time, they pose threats to both privacy and security. Let\u2019s discuss what\u2019s wrong with browser extensions and how you can minimize the chances of one of them running amok on you. But first let\u2019s go through what exactly a browser extension is.\"\"<\/a><\/p>\n

\u00a0<\/p>\n

What are browser extensions, and why do you need them?<\/h2>\n

\u00a0<\/p>\n

A browser extension is something like a plugin for your browser that adds certain functions and features to it. Extensions can modify the user interface or add some Web service functionality to your browser.<\/p>\n

For example, extensions are used to block ads on Web pages, translate text from one language to another, or add pages to a third-party bookmark service such as Evernote or Pocket. Extensions are plenty \u2014 there\u2019re hundreds or even thousands of them, for productivity, customization, shopping, games, and more.<\/p>\n

Almost all popular browsers support extensions \u2014 you can find them for Chrome and Chromium, Safari, Opera, Internet Explorer, and Edge. They are widely available and some of them are quite helpful, so a lot of people end up using at least several extensions, and sometimes their number on one PC extends to several dozen. But, as we\u2019ve mentioned, extensions can be both convenient and dangerous.<\/p>\n

\u00a0<\/p>\n

What can go wrong with extensions<\/h3>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

Malicious extensions<\/h4>\n

\u00a0<\/p>\n

First of all, extensions can be downright malicious<\/a>. That happens mostly with extensions that come from third-party websites, but sometimes \u2014 as in cases with Android and Google Play \u2014 malware sneaks into official markets as well.<\/p>\n

For example, security researchers recently uncovered four extensions in the Google Chrome Web Store<\/a> that posed as innocuous sticky notes apps but in fact were caught generating profits for their creators by secretly clicking on pay-per-click ads.<\/p>\n

How can an extension can do something like that? Well, to do something, an extension requires permissions. Problem is, of the browsers people commonly use, only Google Chrome prompts the user to grant these permissions (or not); other browsers allow extensions to do anything they want by default, and the user doesn\u2019t have a choice but to accept it.<\/p>\n

However, even in Chrome that permissions management exists only in theory \u2014 in practice, it doesn\u2019t work. Even basic extensions usually require permission to \u201cread and change all your data on the websites you visit,\u201d which gives them the power to do virtually anything with your data. And if you don\u2019t give them that permission, they won\u2019t be installed.<\/p>\n

We stumbled upon another example of malicious extensions earlier \u2014 they\u2019ve been used by crooks to spread malware in Facebook Messenger. Here\u2019s a post about that<\/a>.<\/p>\n

Bulk messaging malware in Facebook Messenger<\/a><\/p><\/blockquote>\n