A browser extension is a plugin for your browser that adds functions and features to it. They can be used to block ads, translate text from one language to another, add pages to a third-party bookmark service such as Evernote or Pocket and a whole lot more.  And they’re popular.

There are thousands of plugins available for productivity, customisation, shopping, games and so on. Almost all popular browsers support extensions. You can find them for Chrome, Safari, Opera, Internet Explorer, Microsoft Edge, and Firefox.

They are can be helpful it’s no surprise that lots of people use several extensions and in some cases even 20 or more.

But, and here’s the unfortunate bit, they can be dangerous.

Malicious extensions

Some extensions can be malicious. These typically come from third-party websites, but sometimes they sneak into official sites such as the Google Play store. 
 
  • As an example, four extensions in the Google Chrome Web Store posed as innocuous sticky notes but generated profits for their creators by secretly clicking on pay-per-click ads. Another example is an extension that was secretly used to spread malware in Facebook Messenger.
 
  • Most extensions also can collect a lot of data about users and some developers sell this data to third parties. Sometimes the data is not anonymised properly which leads to serious privacy issues.
 
  • Some widely used Chrome and Firefox browser extensions scraped and sold the data of more than 4.1 million people. These extensions took the URL and other details from the browsing history and sold them to a data firm called Nacho Analytics. The company offered its customers to “see anyone’s analytics account” and to provide “real-time web analytics for any website” for $49 per month. As a result personal sensitive information was exposed including tax returns, doctor-patient communications, and links to Nest cameras.
 
  • Some extensions are loaded with malware that takes the information you have stored in your browser and sends it to hackers. This includes passwords, payment card details, addresses, and phone numbers.
 
  • A lot of extensions are updated automatically which means that if a user has downloaded an innocuous extension it can be updated to become malicious. The update is pushed to the user and they don’t know anything about it.
 
  • If this wasn’t enough to contend with hackers also deliberately target browsers to steal sensitive information such as passwords, payment card info, browsing histories and so on. They use several different methods, each one equally effective.

Permissive permissions

In theory, any piece of software you download requires your permission to run on your computer. A dialogue request appears asking for this permission.

When it comes to browser extensions however, many of them don’t request permission. The same also applies to cookies and these wee monsters can also suck up your data and pass it on to third parties.

In other cases, if you don't grant permission to use data, for instance, you can't use the extension. To use the extension you give the extension creators the power to do virtually anything with your data.

Secure browsing

BullGuard has developed a bespoke Secure Browser, now available in BullGuard Premium Protection and BullGuard Internet Security, which nullifies these threats.

It doesn’t load cookies, plug-ins or extensions automatically, without your explicit permission. In short, it gives you time to consider whether you want to add an extension, for instance, checking other user experiences using the same extension. And the same goes for cookies.

However, it also does a lot more. It keeps your payment card data safe from browser attacks, ensures your log-in details aren’t hijacked, identifies malicious websites, locks down the browsing cache and defends you against spoofing attacks in which hackers set up websites that imitate the real thing such as an online retailer or bank.

And of course, it delivers the functionality of a browser you would expect such as address bar hints, suggestions, shortcuts and more.