With extensions, browsers such as Chrome or Firefox can be easily extended with additional features. But these small programs are more powerful than you might think – and are sometimes bought and misused by dubious companies.
A few clicks are enough: if you download an extension – also known as an add-on or plugin – browsers like Google Chrome or Mozilla Firefox learn new tricks in no time. And they can suddenly display comparison prices, check spelling on Facebook or even adjust the display of web pages. But the use of extensions must be carefully considered.
Security expert Brian Krebs warns: Therefore, you should not (almost) use browser extensions
This is the advice of security expert Brian Krebs. The occasion is a current case. Out of nowhere, the website of the American health insurance company Blue Shield of California was flagged as a malicious site by several antivirus programs, Krebs reports in his blog. An investigation revealed that the fault was a browser extension, which one of the site’s developers had downloaded and installed in his Chrome browser.
Page Ruler: Malicious Browser Extension
The Page Ruler guilty extension is designed to help developers correctly estimate the size of images and other elements of the web pages they create. The extension, installed about 400,000 times, was actually created with good intentions. The problem was that the developer had sold it to an advertising company, which turned it into a malicious program that secretly placed advertisements on websites created with it. The antivirus programs had reacted to the smuggled program’s code and an innocent company was suddenly considered dangerous.
The danger of extensions and their permissions
The incident revealed a very fundamental problem with extensions, Krebs argues. For one thing, they are often much more powerful than most users suspected. With the right permissions, they can read everything that happens in the browser or redirect the user to other websites, such as fake stores.
On the other hand, extensions, which are often improvised by hobby developers at some point and are no longer maintained, are susceptible to purchase by advertising companies. The companies thus get an established program, the developer earns money on a project he didn’t care about anyway.
Don’t overuse browser extensions
Therefore, the recommendation of cancer is quite difficult: It would largely avoid extensions itself. “In almost every case, the permits deterred me so much that I preferred not to take any chances,” he explains. If he does not want to do without them completely, he recommends only very sporadic recourse to extensions regularly maintained by the promoter.
Those who want to force themselves on you are taboo anyway. And in case of doubt, you should quickly separate yourself from the extensions again. “If an extension suddenly wants significantly more rights with an upgrade, this is a very clear warning sign. Then one should dispense with it completely.
The currently installed extensions can be found in Chrome in the three-point menu at the top under “Settings” and Extensions. In Firefox the option is behind the menu button with the three dashes and then “Add-ons”.
Who is Brian Krebs?
Brian Krebs is an American journalist, writer of the blog Krebs on Security. He is a noted professional for his studies on web security, spam, computer worms and specializing in the underground sector that hides behind them.
What is a browser extension?
A browser extension is an add-on that adds certain functionality and features. Extensions can modify the user interface or add a web service to your browser.