Online Security and Addressing the Dangers of Browser Extensions

 Key Risks Posed by Browser Extensions:

• Privacy Intrusions - Many browser extensions request broad permissions. If abused, they can compromise user privacy. Some of these include accessing browsing history and monitoring keystrokes.
• Malicious Intent - There are many extensions developed with genuine intentions. But some extensions harbor malicious code. This code can exploit users for financial gain or other malicious purposes.
• Outdated or Abandoned Extensions - Extension’s that are no longer maintained or updated pose a significant security risk. Outdated extensions may have unresolved vulnerabilities.
• Phishing and Social Engineering - Some malicious extensions engage in phishing attacks. These attacks can trick users into divulging sensitive information.
  
  

Mitigating the Risks:

• Stick to Official Marketplaces - download extensions from viable marketplace sources, such as those provided by browser development parties such as Microsoft, Google etc.
• Limit the Number of Extensions you Install - Only install extensions that are absolutely required.
• Review Permissions Carefully - before installing any extension, review the permissions the extension requests and be cautious if the extension seeks access to unusual data which may seem unrelated to its core functionality. Where possible, limit the permissions to only what is required for the extensions purpose.
• Conduct Regular Audits of Extensions Installed on your Browsers - Regularly update your browser extensions to ensure that the latest extension and/or security patches are applied. Like applications and hardware, developers will release updates to enhance security and address vulnerabilities found. If an extension is not necessary, poses potential security risks or outdated and no longer receiving updates, then consider removing the extension and seeking an alternative.
• You can search CVE sites such as: https://cve.mitre.org/ to hunt out any extensions and their versions with known vulnerabilities.
• Use Security Software - Ensure you use a reputable anti-virus and anti-malware solution such as Webroot or Microsoft Defender, which will add an extra layer of protection against malicious extensions.
• Educate yourself and your Staff - As we have said before, users often become the Achilles heal with regards to your digital fortress. Ensure you and your users are aware of all of the above points, as well as ensuring you have policies in place when it comes to installing extensions.
• Report Suspicious Extensions - Report suspicious extensions to both the official browser extension marketplace and your IT Team.

Author

Richard Huggins

Richard joined us in 1997 as an apprentice IT engineer conducting on-site installations of CAD workstations and Microsoft and Novell network environments. After a brief spell away to travel the world, he returned to work on our helpdesk supporting our CAD customers. In 2007, Richard was promoted to Support Services Manager and worked in this role until 2016 when he decided to acquire new skills and widen his IT industry knowledge and left to work as an Operational Manager for one of the UK’s Top 20 leading Information Security companies. In 2019 Richard once again returned to Symetri as Head of Support and Customer Success to further improve the Symetri customer support experience and is now responsible for the IT Solutions division.