Browser Extensions Have Hidden Risks. Are You Protected?

If you’re a regular internet user, chances are you’ve come across browser extensions by now. They’re so popular and so widespread that, even if you’ve never heard of them, you’re probably even using some right now as you read this post. Browser extensions can be a fantastic thing: they can enhance your productivity, make you (look like) a better writer, and help your browser be a more enjoyable thing to use. But browser extensions can also have a dark side. It’s important to understand the risks before diving down the extension rabbit hole — especially on business devices.

What Are Browser Extensions?

Browser extensions are little bits of software that change the way an internet browser behaves. They can deliver tons of helpful functionality, like adding in a grammar checker like Grammarly or a translator or making it easier to take and edit screenshots within your browser. A decade or so ago, extensions that blocked obtrusive or spammy ads were extremely popular, too. Some are just fun, changing your cursor into a cat or enabling an entire game within your browser. Others add a bit of beauty and culture, like this Chrome extension that replaces your home tab screen with a new piece of world-famous art each day.

Does My Browser Support Extensions?

Yes. (Unless you’re using something really unusual.) All the major browsers — Chrome, Edge, Safari, Firefox, and so on — support browser extensions. Chrome was the first browser to push extensions hard, so it has (arguably) the best and largest collection.

Where Do I Get Extensions?

Usually, you’ll go to your browser’s extensions “store” (a bit of a misnomer since nearly every extension is free). Then you’ll find the extension you want and click the “Add to Chrome” or some similar button, and away you go. Sometimes — such as with Grammarly — an app or service you’re using might prompt you to download their browser extension, which may or may not take you to the extension store. When you’re dealing with reputable, trusted products and services, you should have nothing to worry about.

So What’s the Problem?

So what’s the problem with extensions? There are two big ones: performance and security.

Performance

Some browser extensions use up barely any processing power or memory; you’ll never notice a difference when they’re running. But others can really suck up your computing power, and sometimes an extension will freak out on you and start stealing memory. This means that your browser might grind to a halt, with no clear reason. Most of us don’t think to disable extensions to see if the issue goes away.

Security

The other problem is, this is the internet. And if bad guys can find a way to exploit something, they will. The extension marketplaces for various browsers aren’t well vetted. Just about anyone can upload a new extension, and it’ll only get removed if Google or Microsoft or Mozilla get enough complaints about it. It’s not like the iOS App Store, which has serious vetting procedures (and even still, scam apps sneak through there regularly). It’s also possible to end up downloading a malicious browser extension without visiting your browser’s extension store: phishing emails and malicious ads (You’ve probably seen a popup that says “There’s a problem with yuor computer!1!” or “You won a free iPone!”) might trick you into clicking or tapping. That action then downloads and installs an extension without your knowledge. Most of these malicious extensions are simply adware. They start stuffing your browsing experience with increasingly obtrusive ads. But others can contain malware that could steal credentials or data from your computer or network. These are like phishing schemes that run 24/7 and can do serious damage.

The Solution

You have a few options for dealing with extension risks. First is self-discipline: download only reputable extensions from your browser’s store, and don’t click those bonkers ads. (No one is giving you a free iPhone via pop-up window, we promise!) Second is controlling whether or what kinds of extensions can be installed on business computers. This is a part of endpoint management, an important IT strategy we can help you implement. Need help securing your devices or developing effective security policies for your team? We can help. Reach out to our team today!