What are browser extensions?
Modern browsers like Google Chrome and Microsoft Edge make it easy to access Websites, search the Web, even use other Web apps. But sometimes the browser may not have exactly what you want out-of-the-box. In these cases, a browser extension can help you customize your browsing experience.
Basically, an extension (also known as a plug-in or add-on) is a tiny piece of software that adds some custom function to your core browser. Think here of things like dark-mode, spell-checkers, ad-blockers, and more. But extensions can also open you to more security risks.
In this short article: an intro to browser extensions. What they do, how they work, how to add / remove them, and some considerations when installing. We’ll also discuss a safer alternative to extensions.
The basics: what is a browser extension?
At essence, Web browsers process information. Uploads from your computer, downloads from the Web, cookies…all this happens in your browser. Even visiting a simple web page requires an exchange of information.
Browser extensions modify this basic flow of information in some way. An extension is a small software module you can choose to install to customize your browser’s appearance or function. A few of these software packages come from the makers of the browser, but more often, they come from third-party developers. There are thousands of browser extensions available, often (though not always) through approved resources like the Chrome Web Store.
What do extensions do?
Extensions can do almost anything. They might enable email encryption, ad-blocking, one-click password storage, spell checking, dark mode, calendar add-ons, and more. Extensions are like specialized agents working with the flow of information through your browser. They might organize your notes, protect you from hackers, or just transform how that information appears in the browser window.
But this also means some extensions have access to everything we do online, from shopping to checking our bank accounts. A poorly-secured browser or a bad extension can expose you and your data, putting you at risk of identity theft or fraud.
Different browsers, different extensions
Firefox and Safari use fundamentally different source codes from Chrome and Brave (which both rely on the open-source Chromium codebase). This means that an extension for Firefox will require a separate version to work for Brave or Chrome. The situation gets more complicated when you realize that some browsers don’t support extensions.
But more and more browsers are now relying on the Chromium engine; browsers that share source code can also share extensions.
Browser extension security and privacy
One of the issues that come up frequently with browser extensions is the question of security. Cyber-security and online privacy are critical topics, and there are several issues you should be aware of when using a browser extension.
Any add-on to your browser carries a bit of additional risk. An extension is simply another bit of software, and if that software has a weakness (or it’s downright malicious), you could open yourself up to security issues. Since we bank online, conduct business online, make purchases online, and keep up a social life online, our browsers have access to virtually all of our personal information. A malicious or flawed extension opens the door for theft of that information.
The first step to managing security and privacy with extensions, is to ensure you’re using the most secure and private browser (more on that later). Second, you’ll want to have good hygiene with your extensions: knowing where those extensions come from, and limiting the number you install.
How to use extensions safely
There are four main things to consider for safe use of extensions:
- Checking who makes the extension (along with the total downloads and reviews)
- Keeping track of what you’ve installed
- Being careful not to install too many extensions
- Periodically reviewing and removing unused extensions
We’ll review each of these below.
Check the extension source
Before you install an extension, you should ask a few questions:
- Is it made by a reputable source?
- Have lots of other people downloaded the extension?
- Have lots of other people reviewed the extension? Are the reviews mostly positive?
- Are there third-party reviews (e.g. in tech blogs) that vouch for the extension?
- Are you downloading from an “official” place like the Chrome Web Store?
By downloading an extension, you’ll likely be enabling that extension to access any personal data that passes through your browser. So it’s best to know it comes from a reputable source and it has some social proof or third-party vetting. All of the questions above will help you determine the extension’s safety.
Don’t overload your browser
Every extension you install adds a security risk and a performance burden to your browser. If you’ve got 15 extensions installed—and running—you’ll likely see a slowdown in browsing and even device processing speeds. Everything will just move slower, or your computer’s fan might even turn on more.
Know what extensions you have
It’s best practice to monitor the extensions you’ve installed, and which are still actively running in your browser or on your device. This will ensure you’ve always got at least a general idea of what’s installed, in case you hear about a risky extension or a possible data leak. This happens regularly, and you’ll want to know if you’re one of the ones affected.
Delete unused extensions
Finally, you should delete any extension you’re not regularly using. If it’s not in daily or weekly use, it’s probably not worth keeping on your browser.
When you look at your list of installed extensions, you might find more there than you thought. If you’re unsure how an extension got installed or where it came from, delete it!
Browser extensions tips and tricks
Now that we’ve covered the basics, here are a couple more things to consider.
Mobile browser extensions
Android-based mobile browsers offer three approaches to extensions:
- Some come with no extensions
- Some are only compatible with native extensions from the browser maker
- Some allow for third-party extensions
The Chrome web browser supports thousands of extensions, but the mobile version of Chrome supports none. Other mobile browsers like Opera offer only native extensions, whire are built by the publisher and managed by the user.
It’s also worth mentioning that some mobile browsers essentially act as beefed-up extensions on their own; they specialize in performing one particular feature. Flynx (reading and page-loading) is a good example of this.
Chrome Web Store—more than just Chrome
The Chrome Web Store is a useful resource to search for new Chrome extensions. But note you can use those extensions for any browser that relies on Chromium, the open-source language that underpins the Chrome browser.
For example, the Brave browser will work with any Chrome browser extension since they share the Chromium code. There are other places to find extensions, including downloading them directly from the publisher’s website, but if you’re running a Chromium-based browser, the Chrome Web Store should be the first place you look.
Brave browser extensions
Brave makes finding and adding new extensions easy. Since Brave, like Google Chrome, is Chromium-based, the primary source for new extensions for both browsers is the Chrome Web Store.
But Brave adds an extra layer of security by auditing available extensions. If you try to add an extension that Brave hasn’t reviewed, you’ll see a message like:
“Brave has not reviewed this extension for security and safety. Only install this extension if you trust the developer.”
The final decision to install any browser extension is of course up to you. But Brave gives you the info you need to protect yourself. Third-party extensions can pose a significant security risk—they can secretly include malware, or even spoof the real thing (as with the numerous MetaMask fakes on the market) to trick you into sharing financial info. There’s even a risk in downloading from trusted channels like the Chrome Web Store. Occasionally, Google will accidentally remove the “real” version of an extension and leave a fake one behind. It’s also possible for a legitimate extension to pass an audit, make it onto the web store, and then be sold to a different publisher who changes the code and introduces malware.
These risks make Brave’s extension audits critical.
Brave—safe by default, safer for extensions
To get the most out of your extensions, you need a browser that has the most to give. The Brave browser prioritizes a streamlined and safe browsing experience by giving you access to all the extensions on the Chrome Web Store. But with Brave, you won’t need as many extensions because some of the most common extension functions—like ad blocking—are built right into the browser.
Brave is safer and more private by default, and safer for extensions (when you need them).
Ready to Brave the new internet?
Brave is built by a team of privacy focused, performance oriented pioneers of the web. Help us fix browsing together.Download Brave