Extensions are useful to add functions to the browser, but can also bring dangers to the user. According to security experts, this software has some of the same chances of damage as any other program downloaded directly from the Internet, so they require the same care. Depending on the store, a downloaded plugin can damage the operation of visited sites and, in more serious situations, even steal personal data such as passwords and social network login.
Research developed by the security company Awake Security released in June showed, for example, how more than 100 extensions bypassed the Chrome Web Store’s defenses and reached more than 32 million victims. According to the study, hackers displayed a different version of the code whenever there was a Google robot inspection. However, Chrome users are not the only ones affected by this kind of trickery. Here are 7 risks of installing extensions in Chrome, Firefox, Edge, Opera, Safari, and other browsers.
1. Download Malware to the Device
The main danger of downloading extensions is to make way for viruses to affect the computer. Although Google, Microsoft, Apple, and other companies check for irregularities periodically, hackers use several tricks to hide malware in seemingly harmless plugins. One strategy is to approach developers of legitimate extensions and make an offer to purchase them. Many users, therefore, may become the target of cyberattacks overnight without knowing that the reason is the change of ownership of a plugin they were already used to.
Recently, Google removed from the Chrome store four (4) extensions discovered by Gigamon experts who installed malicious code that made the user click on ads automatically. To disguise themselves, they brought common functions such as reminders and even increased security with HTTPS.
2. Spy the User
A plugin that becomes dangerous software over time may also have access to user files. Among the hundreds of extensions discovered by Awake Security were some aimed at spying on companies that kept searching for secret documents shared on the network. The perpetrator’s goal may involve, for example, the practice of extortion with the threat of publishing something personal or valuable to a company.
3. Accessing Personal Data
Even if they don’t practice espionage, some extensions can be quite invasive. As plugins don’t usually generate many financial returns for developers, it is common for some to choose to collect data with the idea of selling it to a digital marketing company.
This was the case, for example, with the Web of Trust, a plugin compatible with the main browsers in the market that was caught by experts selling the collected data to third parties. Among the information would be such things as the history of sites visited, usage time, browser and computer specifications, among other data whose sharing harms the user’s privacy.
4. View Intrusive Advertisements
Other extensions may not steal the data for advertising companies but may be infected with adware. When many pop-ups appear on the screen, it is always recommended to check if the problem did not occur when a particular browser plugin was installed. Fortunately, this invasive advertising tends to be easier to remove as it usually only requires uninstalling the extension. When adware arrives through a Windows program, for example, the effort to remove it can be more complicated.
5. Steal passwords
One of the most serious dangers with extensions is the theft of passwords for various services, mainly financial. In April, Google removed 49 extensions capable of intercepting the access key from cryptomachs wallets. Plugins can record what is typed on the keyboard, display fake entry screen to make the user hand over the password without knowing it or even snoop around the clipboard to get everything that is copied with Ctrl+C. Other extensions with similar behavior have also appeared in the past with a focus on Internet Banking.
6. Breaking down elements of accessed sites
Even though it is not criminal, an extension that has not been well developed can also hinder the loading of sites. This kind of behavior usually occurs, for example, with ad blockers. The result can be an online store that does not show buttons correctly or has checkout errors. In other sites, a plugin can hide certain content mistakenly, such as videos and images that are not advertising.
7. Let the browser slow
When it does not cause slowness, a poorly developed extension can consume a lot of RAM and slow down the PC. The advantage is that, at least in Chrome, it is possible to easily check whether the slowed-down computer is the fault of a plugin. Just open the browser’s task manager and see if one is consuming too many resources. Uninstalling the extension usually resolves cases like this.
How to protect yourself
According to security experts, precautions against problems with extensions are mainly to be lowered only at the official shop. Also, it is important to research the reputation of the software by reading user reviews. As there have been cases of developers hiring fraudulent reviews, it is also important to perform manual searches on the plugin on Google.
It is also important not to grant special permissions to extensions, especially those created by unknown developers. Be suspicious, for example, if an annotation or reminder plugin requests permission to access your files or monitor your browsing. Another point to consider is not to install a large number of plugins that the browser does not get heavy, besides having a good antivirus on the computer with an Internet module that also analyzes the extensions.