Risks using browser download extensions

Brave looks like a good idea but I'm not sure I trust them especially after how they have handled the BAT token. Firefox in my opinion looks like the best option with Noscript addon and Ublock origin. Both are on Github. Two notable quotes: However, the security architecture till now has assumed that the Chrome extensions are free of bad intentions and all attacks are assumed to be derived from malicious websites, such as webpages that contain malicious JavaScript codes.

Or, maybe better said, with no security architecture! Some extensions are created with the intent to perform malicious activities. Therefore, a malicious extension might read the sensitive HTML elements such as passwords or PINs and send them back to an attack server.

One allows the extension to obtain log in, password and 2FA code, blocking access by the legitimate bank client giving them an error the website is temporarily down , giving the bad guys the ones who own the extension full access to that person's bank account. The other intercepts the transfer funds option of another major bank, and replaces the destination bank account number with one for the owner of the extension. The browser extension changes that to or whatever account they want.

As my previous link said: However, the security architecture till now has assumed that the Chrome extensions are free of bad intentions and all attacks are assumed to be derived from malicious websites, such as webpages that contain malicious JavaScript codes.

I think using any browser extension means expanding your world of trust far beyond what any sane person would do. You have to trust your browser and your operating system. Why trust random extensions? Friday, June 19, at Post Rated: 3. The other problem I normally see is coming from adverts if you click on one by mistake it can download malicious software which is why I use an adblocker. I get that using an addon does increase your web of trust creating a bigger attack surface.

Now, I have no doubt that extensions can block ads. Active Oldest Votes. This is always what keeps me from installing many types of extensions. There are some really great ones out there, but when I install extensions in Chrome for example and it says, "This extension can access all private data on every web page you visit" I stop and decide not to. Stinks because I'm also giving up a lot of functionality. Gleno Gleno Parappa Parappa 7, 2 2 gold badges 33 33 silver badges 38 38 bronze badges.

There is difference between Mozilla plug-in eg. Flash, Java and Mozilla extension eg. Firebug, AdBlock. Extensions are not sandboxed. Peter Neversoft Peter Neversoft Sign up or log in Sign up using Google.

Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Who owns this outage? Building intelligent escalation chains for modern SRE. Chrome extension developers have claimed they constantly receive offers to buy their extensions. Chrome has been under attack due to its popularity, but this problem affects all browsers. Update : This statement was true when we wrote the article back in , but Firefox does now have a permission system like Chrome.

Try to pare down your list of installed extensions to just the essentials to minimize the chance one of your installed extensions goes bad. However, the official Gmail Notifier created by Google, OneNote note taking extension created by Microsoft, or LastPass password manager extension created by LastPass will almost certainly not be sold to a shady company for a few thousand bucks.

You should also pay attention to the permissions extensions require, when possible. For example, an extension that only claims to modify one website should only have access to that website.

However, many extensions need access to everything, or access to a very sensitive website you want to keep secure like your email. In the past, we might have said that the Web Developer extension was safe because it was legitimate. However, the developer fell for a phishing attack and the extension became malicious.

Browse All iPhone Articles Browse All Mac Articles Do I need one? Browse All Android Articles Browse All Smart Home Articles Customize the Taskbar in Windows Browse All Microsoft Office Articles What Is svchost. Browse All Privacy and Security Articles Browse All Linux Articles Browse All Buying Guides. Best iPhone 13 Pro Case. Best Bluetooth Headphones for Switch. This solution maximizes the security of your system so that when you connect to the network, the information is secured and encrypted and therefore hidden from attackers that might be lurking behind browser extensions.

Your email address will not be published. Learn more about how we sustain our work and review products. What Is a Browser Extension? Examples of Vulnerable Browser Extensions A recent example of the concerns surrounding browser extensions can be seen in the Grammarly extension, which revealed its authentication tokens to every website that a user visited. How to Safely Use Browser Extensions In order to stay safe while using browser extensions, it is recommended to avoid downloading too many of them.

Share Your Comment Cancel reply Your email address will not be published.