Every day, our web browsers help us complete more assignments and more work. Before, if we wanted to use a specific program we had to download and install it. Now, there are a number of web applications that we can use to satisfy our daily needs. You can find web apps for editing documents and preparing presentations (Google Drive), communicating (Facebook, Twitter, Gmail, etc.) or shopping online (Amazon), among many other things.
What most internet users are not so aware of are the increasing number risks and threats associated with these web apps. This is very worrisome since the internet is where most of our job-tasks begin. In regards to these risks, maybe the weakest link (and the most unnoticed) is actually the harmless web browser we use, which is not very harmless at all.
A browser extension is a plug-in, or a short piece of code, that is executed by the browser to amplify its functionality in some way. They can be extremely useful (to block ads, rescue emails you thought were lost, to exit windows you aren’t using, etc.), but there are also a great number of malicious extensions that we should watch out for, that are actually backdoors for cybercriminals.
Malicious extensions can gain access to your browser history and can even modify the pages you visit or save the passwords you use. Obviously, the cons of these extensions outweigh the pros (spying and selling your data, stealing your passwords, etc.), but it’s still nice to have the option to use these services.
Malicious extensions can gain access to your browser history and can even modify the pages you visit or save the passwords you use
The most worrisome aspect of these extensions is that they save permissions, even if authors have modified operations. Usually, the authors of these extensions are independent developers, who work as a hobby, or small businesses with limited resources. If a bigger fish were to appear with a wad of cash, it can be assumed that many of these authors would be willing to sell their extension, which could be modified later by the new owner without losing privileges.
This is exactly what happened with a number of popular Chrome extensions, even though these extension problems are not exclusive to Google browsers. Recently, a group of investigators proved how some of the most famous Firefox extensions were capable of hiding malware.
The moment we install an extension, we must take the same precautions that we take when downloading Android and iOS apps, or software for Windows and mac. The most important thing is to do is make sure the source is trustworthy.
Official extensions that are associated with well-known applications (such as Pocket or Feedly) are usually more secure than the extensions offered by an unknown developer, even if they offer similar services. Reviewing the number of downloads and comments for an extension is good practice, but not infallible.
Official extensions that are associated with well-known applications are usually more secure
Additionally, it is a good idea to periodically revise the extensions you already have installed (for Chrome, you can do this by writing “chrome://extensions/” in the web address bar) in order to eliminate the ones that you don’t use or have forgotten about.
Remember, anyone can end-up in the hands of someone unscrupulous, who will take advantage of permissions to spy on your browser, put up adware, or even, rob your passwords.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
