Browser extensions are much more dangerous than most people realize. These small tools often have access to everything you do online, so they can capture your passwords, track your web browsing, insert advertisements into web pages you visit, and more. Popular browser extensions are often sold to shady companies or hijacked, and automatic updates can turn them into malware.
We’ve written about how your browser extensions are spying on you in the past, but this problem hasn’t improved. There’s still a constant stream of extensions going bad.
Why Browser Extensions Are So Dangerous
[FONT=bebas_neueregular]RELATED ARTICLE[/FONT]
Why Do Chrome Extensions Need “All Your Data on the Websites You Visit”?
Browser extensions run in your web browser, and they often require the ability to read or change everything on web pages you visit.
If an extension has access to all the web pages you visit, it can do practically anything. It could function as a keylogger to capture your passwords and credit card details, insert advertisements into the pages you view, redirect your search traffic elsewhere, track everything you do online—or all these things. If an extension needs to scan your for receipts or other small things, it probably has permission to scan your email for everything—which is extremely dangerous.
That doesn’t mean that every extension is doing these things, but they can—and that should make you very, very wary.
Modern web browsers like Google Chrome and Microsoft Edge have a permission system for extensions, but many extensions require access to everything so they can work properly. Even an extension that just requires access to one website could be dangerous, however. For example, an extension that modifies Google.com in some way will require access to everything on Google.com, and therefore have access to your Google account—including your email.
These aren’t just cute, harmless little tools. They’re tiny programs with a huge level of access to your web browser, and that makes them dangerous. Even an extension that only does a minor thing to web pages you visit may require access to everything you do in your web browser.
How Safe Extensions Can Transform Into Malware
Modern web browsers like Google Chrome automatically update your installed browser extensions. If an extension requires new permissions, it will temporarily be deactivated until you allow it. But, otherwise, the new version of the extension will run with all the same permissions the previous version did. This leads to problems.
In August 2017, the very popular and widely recommended Web Developer extension for Chrome was hijacked. The developer fell for a phishing attack, and the attacker uploaded a new version of the extension that inserted more advertisements into web pages. Over a million people who trusted the developer of this popular extension ended up getting the infected extension. As this is an extension for web developers, the attack could have been a lot worse—it doesn’t appear that the infected extension functioned as a keylogger, for example.
In many other situations, someone develops an extension that gains a large amount of users, but doesn’t necessarily make any money. That developer is approached by a company that will pay a large amount of money to purchase the extension. If the developer accepts the purchase, the new company modifies the extension to insert advertisements and tracking, uploads it to the Chrome Web Store as an update, and all the existing users are now using the new company’s extension—with no warning.
This happened to Particle for YouTube, a popular extension for customizing YouTube, in July 2017. The same thing has happened to many other extensions in the past. Chrome extension developers have claimed they constantly receive offers to buy their extensions. The developers of the Honey extension with over 700,000 users once ran an “Ask Me Anything” on Reddit, detailing the kind of offers they often receive.
In addition to the hijacking and sale of extensions, it’s also possible that an extension is just bad news, and secretly tracks you when you install it in the first place.
