• Time to audit your browser extensions?

    Home » Forums » Cyber Security Information and Advisories » Cyber Security for Home Users » Time to audit your browser extensions?

    Tags:

    Author
    Topic
    Microfix
    AskWoody MVP
    September 12, 2022 at 4:15 am #2477092

    Interesting security article on browser extensions that users should take heed of, no matter what browser is used:

    Each of us has probably installed some kind of browser extension at least once: an ad blocker, an online translator, a spellchecker or something else. However, few of us stop to think: is it safe? Unfortunately, these seemingly innocuous mini-apps can be far more dangerous than they seem at first glance. Let’s see what might go wrong…

    Remember: Wants and needs are usually two different things..

    Windows - commercial by definition and now function...
    2 users thanked author for this post.
    DrBonzo, windbg
    Reply | Quote
    Viewing 2 reply threads
    Author
    Replies
    • Fred
      AskWoody Lounger
      September 12, 2022 at 4:54 am #2477101

      This text has no added value at all,
      and is nothing more than advertisement for Kasperskyhttps://www.kaspersky.co.uk/blog/dangers-of-browser-extensions/24928/ )

      Mind you, the West, including the USA is under attack from Russia (and other non-western countries) long before the Ukraine war, and there is a ban on this.

      https://nypost.com/2022/03/28/kaspersky-antivirus-software-on-us-national-security-risk-list/

      * _ ... _ *
      1 user thanked author for this post.
      Mele20
      Reply | Quote
      • Microfix
        AskWoody MVP
        September 12, 2022 at 2:17 pm #2477247
        Fred wrote:

        This text has no added value at all

        nice admission of your post fred 🙂
        It’s the content that counts, not where the paranoia lays..

        Windows - commercial by definition and now function...
        Reply | Quote
    • windbg
      AskWoody Plus
      September 12, 2022 at 9:36 am #2477160

      Useful article read about the dangers of extensions and a good topic to discuss.

      Have yet to see a good formal procedure on how the end-user can judge the safety of a browser extension install.

      My procedure:
      * Read the extension reviews.
      * See how may others are installing the extension, the more the better.
      * Have an external review vetting the extension.
      * Was the extension created by a company with a reputation to protect?
      * Never permit browser extension installation unless initiated by yourself from the official browser store.
      * Disable extensions not in daily use.
      * What else?

      What browser extension stores do better than others?

      What security suites also look for adware/malware in browser extensions? Do they automatically scan extensions during their installation? (Browser extensions are similar to a program install with the power to cause all sorts of havoc.)

      Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

      3 users thanked author for this post.
      Lars220, Microfix, DrBonzo
      Reply | Quote
      • Microfix
        AskWoody MVP
        September 12, 2022 at 1:54 pm #2477243

        * What else?

        First in my list using firefox, is to check whether the extension is recommended by mozilla as per their support page

        Recommended extensions are editorially curated extensions that meet the highest standards of security, functionality, and user experience. Firefox staff, along with community participation, selects each extension and manually reviews them for security and policy compliance before they receive Recommended status….

        Been using the same ‘recommended’ browser extensions for years without issue.

        For those who are unsure, there is also Tips for assessing the safety of an extension by Mozilla.

        Windows - commercial by definition and now function...
        1 user thanked author for this post.
        Lars220
        Reply | Quote
    • Lars220
      AskWoody Plus
      September 13, 2022 at 1:57 am #2477448

      A couple of educational articles to consider:

      How-To Geek Author Chris Hoffman updated June 29, 2020 –
      Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them
      Browser extensions are much more dangerous than most people realize.”
      Here’s how to stay safe: Use as few extensions as possible.”
      https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/

      Wired article by David Nield June 27, 2021 –
      How to Make Sure Your Browser Extensions Are Safe
      As useful as all those add-ons can be, don’t get complacent when it comes to making sure they’re also secure.” and
      Identifying a bad browser extension isn’t an exact science, but there are some general pointers to follow.”
      https://www.wired.com/story/how-to-audit-browser-extensions-security-chrome-firefox-edge-safari/

      Amazing Truths Revealed: Link to Simply Magnificent AskWoody Knowledge Bases
      2 users thanked author for this post.
      windbg, Microfix
      Reply | Quote
    Viewing 2 reply threads
    Reply To: Time to audit your browser extensions?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.