Are browser extensions safe?
How do you decide if a browser extension is safe? In this article, we'll cover some best practices for data safety in browser extensions.
Read this article →Modern browsers like Google Chrome and Microsoft Edge make it easy to access Websites, search the Web, even use other Web apps. But sometimes the browser may not have exactly what you want out-of-the-box. In these cases, a browser extension can help you customize your browsing experience.
Basically, an extension is a tiny piece of software that adds some custom function to your core browser. Think here of things like dark-mode, spell-checkers, ad-blockers, and more. But extensions can also open you to more security risks.
In this short article: an intro to browser extensions. What they do, how they work, how to add / remove them, and some considerations when installing. We’ll also discuss a safer alternative to extensions.
At essence, Web browsers process information. Uploads from your computer, downloads from the Web, cookies…all this happens in your browser. Even visiting a simple web page requires an exchange of information.
Browser extensions modify this basic flow of information in some way. An extension is a small software module you can choose to install to customize your browser’s appearance or function. A few of these software packages come from the makers of the browser, but more often, they come from third-party developers. There are thousands of browser extensions available, often (though not always) through approved resources like the Chrome Web Store.
Extensions can do almost anything. They might enable email encryption, ad-blocking, one-click password storage, spell checking, dark mode, calendar add-ons, and more. Extensions are like specialized agents working with the flow of information through your browser. They might organize your notes, protect you from hackers, or just transform how that information appears in the browser window.
But this also means some extensions have access to everything we do online, from shopping to checking our bank accounts. A poorly-secured browser or a bad extension can expose you and your data, putting you at risk of identity theft or fraud.
Firefox and Safari use fundamentally different source codes from Chrome and Brave (which both rely on the open-source Chromium codebase). This means that an extension for Firefox will require a separate version to work for Brave or Chrome. The situation gets more complicated when you realize that some browsers don’t support extensions.
But more and more browsers are now relying on the Chromium engine; browsers that share source code can also share extensions.
One of the issues that come up frequently with browser extensions is the question of security. Cyber-security and online privacy are critical topics, and there are several issues you should be aware of when using a browser extension.
Any add-on to your browser carries a bit of additional risk. An extension is simply another bit of software, and if that software has a weakness (or it’s downright malicious), you could open yourself up to security issues. Since we bank online, conduct business online, make purchases online, and keep up a social life online, our browsers have access to virtually all of our personal information. A malicious or flawed extension opens the door for theft of that information.
The first step to managing security and privacy with extensions, is to ensure you’re using the most secure and private browser (more on that later). Second, you’ll want to have good hygiene with your extensions: knowing where those extensions come from, and limiting the number you install.
There are four main things to consider for safe use of extensions:
We’ll review each of these below.
Before you install an extension, you should ask a few questions:
By downloading an extension, you’ll likely be enabling that extension to access any personal data that passes through your browser. So it’s best to know it comes from a reputable source and it has some social proof or third-party vetting. All of the questions above will help you determine the extension’s safety.
Every extension you install adds a security risk and a performance burden to your browser. If you’ve got 15 extensions installed—and running—you’ll likely see a slowdown in browsing and even device processing speeds. Everything will just move slower, or your computer’s fan might even turn on more.
It’s best practice to monitor the extensions you’ve installed, and which are still actively running in your browser or on your device. This will ensure you’ve always got at least a general idea of what’s installed, in case you hear about a risky extension or a possible data leak. This happens regularly, and you’ll want to know if you’re one of the ones affected.
Finally, you should delete any extension you’re not regularly using. If it’s not in daily or weekly use, it’s probably not worth keeping on your browser.
When you look at your list of installed extensions, you might find more there than you thought. If you’re unsure how an extension got installed or where it came from, delete it!
Now that we’ve covered the basics, here are a couple more things to consider.
Android-based mobile browsers offer three approaches to extensions:
The Chrome web browser supports thousands of extensions, but the mobile version of Chrome supports none. Other mobile browsers like Opera offer only native extensions, whire are built by the publisher and managed by the user.
It’s also worth mentioning that some mobile browsers essentially act as beefed-up extensions on their own; they specialize in performing one particular feature. Flynx (reading and page-loading) is a good example of this.
The Chrome Web Store is a useful resource to search for new Chrome extensions. But note you can use those extensions for any browser that relies on Chromium, the open-source language that underpins the Chrome browser.
For example, the Brave browser will work with any Chrome browser extension since they share the Chromium code. There are other places to find extensions, including downloading them directly from the publisher’s website, but if you’re running a Chromium-based browser, the Chrome Web Store should be the first place you look.
The final decision to install any browser extension is of course up to you. And Brave makes finding and adding new extensions easy: Since Brave, like Google Chrome, is Chromium-based, the primary source for new extensions for both browsers is the Chrome Web Store.
But third-party extensions can pose a significant security risk—they can secretly include malware, or spoof the real thing (as with the numerous MetaMask fakes on the market) to trick you into sharing financial info. There’s even a risk in downloading from trusted channels like the Chrome Web Store—occasionally, Google will accidentally remove the “real” version of an extension and leave a fake one behind. It’s also possible for a legitimate extension to make it onto the Web Store, and then be sold to a different publisher who changes the code and introduces malware.
With Brave, you won’t need to rely on risky extensions because some of the most common extension functions—like ad blocking—are built right into the browser.
Brave is safer and more private by default, and safer for extensions (when you need them).
How do you decide if a browser extension is safe? In this article, we'll cover some best practices for data safety in browser extensions.
Read this article →In this short article, we'll show you how to uninstall extensions, find ones that might be hidden on your device, and cover some basic best practices.
Read this article →A guide to finding, installing, and safely managing extensions on Google Chrome, and to getting the benefits of Google Chrome extensions while protecting against their risk.
Read this article →