How Safe Are Browser Extensions?

Browser extensions are an integral part of many users’ browsers. But what do you really know about browser extensions? You certainly know of them: perhaps you use an extension to take notes, like Evernote, or an extension to manage passwords, like LastPass. But do you know how browser extensions work?

Some browser extensions require access to almost everything your browser sees. They can see sites visited, keystrokes, and even passwords. In addition, browser extensions come from many publishers, from well-respected browser publishers to little-known third-party vendors, leaving it hard to tell what’s a legitimately useful extension - and what is little more than a fancy piece of malware. Not every browser extension is safe; many are malicious. That opens you, the user, up to a variety of problems including fraud and identity theft.

How do you determine how safe a browser extension is? More generally, how do you use browser extensions safely? In this article, we’ll talk a bit about data safety in general, then about browser extensions more specifically. Spoiler alert: Brave handles all of the same extensions as Chrome, but with added safety and security features.

Internet browsers and personal data

Let’s start with browsers. Internet browsers are more than simply a vehicle for accessing the Internet. In recent years, they have become part of the entire Internet ecosystem that trades your personal data for unfettered access to the Internet. Websites track your viewing history, social media gathers likes and follows, and third-party data brokers collect all of that info to assemble a digital profile for you. That information allows them to target you with tailor-made ads. At Brave we don’t think that’s right; that’s why we built Brave, to give users control over their privacy and data.

There are two big concerns here. First, how secure is that data? How detailed is your digital profile, and do you really want anonymous entities buying and selling your info? Second, because this whole process passes through your browser, there’s a noticeable slow-down effect.

The Brave browser aims to solve both issues in one blow. Brave doesn’t allow trackers and eliminates the vast majority of third-party ads. The result gives much more control to the users over who has access to their data. The Brave browsing experience is also markedly faster, free from the slow-down effect of background trackers. Faster page loading is one of the key features of the Brave Browser.

Browser extension safety issues

Any secure browser can be susceptible to attack from within. Browser extensions are added by the user; if the user approves an unsecured or compromised extension, attackers can gain access to all the information that passes through the browser. In 2018, four extensions were discovered for Google Chrome that were secretly using the browser to click on pay-per-click ads. And this January, Mozilla removed 197 add-ons, many from the same company, that were either collecting user data without the user’s consent or were running malicious code.

What makes browser extensions so insidious is their permissions management. Most browser extensions have an extensive level of access that users are unaware of.

Can Chromium extensions be dangerous?

Brave and Google Chrome are both Chromium-based web browsers; as such, they both are compatible with most of the extensions found on the Chrome web store. The majority of extensions found there won’t put your information at risk, but there are some that will. Other extensions start out fine; they’re from an approved publisher and they get distributed on the web store, but then the extension gets sold to a different publisher. That publisher may not be as trustworthy; they can update the extension and modify the code to permit unauthorized access.

This happened in 2017 when the “Particle” extension for YouTube was sold to a developer who updated and then used the extension to inject ads into websites. As users of the extension swiftly noticed the change and complained, others picked up on the fact that two other extensions owned by the developer also changed from helpful to fraudulent upon being sold, illustrating that some dangerous extensions exist even in official web stores.

Browser extension safety issues

Are Chrome extensions safe? Not only could a browser extension track every page you visit and download your passwords and personal information, but by downloading a dangerous extension, you could inadvertently download malware, adware, and trojan horse viruses. Other browser extensions are dangerous because of the information they pick up from your history and pass on to third parties.

Fortunately, comparatively few risky extensions get to the official web store of your favorite browser. Brave or Chrome extension security only requires a few simple steps, starting with a quick check on the source and legitimacy of your favorite browser extension.

Determine the extension you want to install, and check it on the official web store. Look for proper grammar and authentic logos. If the extension has a web page, check that out as well, but ensure that you have a strong content blocker. The absence of a web page and contact information for the developer doesn’t necessarily mean that the extension is unsafe, but it can be concerning.

Reading permissions for the extension along with reviews is a great way to confirm that the extension is legitimate. But when looking at reviews, beware of a string of positive comments that are identical and all published on the same date, or are all 5-star reviews. When you search for further information on the extension, beware of look-alike extension “clones” that are probably unsafe. Once again, a simple search for each of your extensions can give you further information on whether it is safe to keep using them or not.
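One way to do the permission review described above, and to see the "extensive level of access" mentioned earlier, is to read the extension's manifest.json. The script below is an added example, not part of the original article: it flags requests for broad access in a Chromium extension manifest. The risk notes and the sample manifest are constructed for illustration.

```javascript
// Added example: triage the access a Chromium extension manifest asks for.
// The notes are this example's own labels, not a browser-defined rating.
const RISKY_API_PERMISSIONS = new Map([
  ["tabs", "can read the URL and title of every open tab"],
  ["history", "can read and modify browsing history"],
  ["cookies", "can read and change cookies for sites it has host access to"],
  ["webRequest", "can observe network requests"],
  ["clipboardRead", "can read the clipboard"],
  ["nativeMessaging", "can exchange messages with a program outside the browser"],
  ["debugger", "can attach the debugger to tabs"],
  ["management", "can manage other installed extensions"],
  ["proxy", "can change the browser's proxy settings"],
]);

// Match patterns that cover every website.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ];
  for (const p of declared) {
    if (typeof p !== "string") continue;
    if (isHostPattern(p)) {
      if (ALL_SITES.has(p)) findings.push({ item: p, why: "host access to all sites" });
    } else if (RISKY_API_PERMISSIONS.has(p)) {
      findings.push({ item: p, why: RISKY_API_PERMISSIONS.get(p) });
    }
  }
  // Content scripts run inside pages, where they can read what the user types.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (ALL_SITES.has(m)) findings.push({ item: m, why: "content script runs on every page" });
    }
  }
  return findings;
}

// Constructed sample manifest (not a real extension).
const SAMPLE_MANIFEST = {
  manifest_version: 3, name: "Example Notes Helper", version: "1.0",
  permissions: ["storage", "tabs", "cookies"], host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
};
for (const f of auditManifest(SAMPLE_MANIFEST)) console.log(`${f.item}: ${f.why}`);
```

A finding is a prompt to ask whether the extension's stated purpose needs that access, not proof that the extension is malicious.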

If you need to remove an extension, search for further information on your specific browser for a personalized how-to on removing it. Each browser is unique and has a slightly different process for removing unwanted extensions.

Read here to find out more about removing an extension from the Brave browser.

Conclusion

Not every browser extension is unsafe; many are fun, useful additions to your web browser. But do your due diligence to determine the authenticity and safety of everything that you download. Research an extension’s publisher and history before you download an extension. Stay alert and observant about your downloaded browser extensions, and delete unused extensions.

To use browser extensions safely, use them sparingly. And consider using a next-generation browser like Brave. Brave is based on the Chromium code, like Google Chrome, but empowers the user to protect their data and privacy online.
