Security risks are present in over 50% of browser extensions

Written by

A browser extension is a small software application designed to enhance the functionality of a web browser. Monitoring the installed browser extensions is crucial for ensuring their secure use within your organization.

Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages. Browser extensions are small software applications that add capacity or functionality to a web browser. They can take advantage of the same application program interfaces (APIs) that JavaScript can on a web, but the extension can do more because it also has access to its own set of APIs.

While extensions are typically used to add features and enhance the functionality of a website, they can also be used to remove unwanted website elements such as pop-up ads and features such as ad blocking, content filtering, and ad blocking. Browser extensions are usually written in HTML, CSS, or JavaScript. Like other types of software, browser extensions can be coded for undesirable behaviors and be misused to deliver malware. Though most add-ons are reviewed prior to being listed, malicious extensions that violate browser developer program policies are not uncommon.

For example, in January 2018, a security company called ICEBERG reported that four malicious extensions available from the Chrome Web Store had affected half a million users. Therefore, it is important for users to carefully vet and install browser extensions to ensure their safety and security. It is also recommended to download extensions from official stores, check the developer’s reputation, read user reviews and ratings, review permissions, and use antivirus protection to minimize the risk of encountering malicious browser extensions.

The predicted deployment of malicious browser extensions in 2024 poses several potential consequences:

  1. Data Theft: Malicious browser extensions can steal sensitive data stored in browsers, such as login credentials, credit card information, and personal information.
  2. Financial Loss: Cybercriminals can use malicious browser extensions to launch targeted attacks on financial institutions, leading to significant financial losses for individuals and organizations.
  3. System Compromise: Some browser extensions have been known to compromise the security of entire systems, providing attackers with unauthorized access and control over the affected devices.
  4. Spreading Malware: Malicious browser extensions can be used as a vector for spreading malware, ransomware, and other types of malicious software, increasing the risk of widespread infection.
  5. Damage to Reputation: The use of malicious browser extensions can lead to a loss of trust and damage to the reputation of organizations that have been compromised, as well as the developers of the affected extensions.

To mitigate these risks, it is crucial for users and organizations to carefully evaluate browser extensions before installing them, considering factors such as the developer’s reputation, disclosure of security or compliance audits, and user reviews and ratings. Additionally, regular updates and maintenance, as well as monitoring for data breaches or security incidents, can help reduce the risk of malicious browser extensions.

Some examples of high-risk browser extensions that could cause damage to organizations include:

  1. Fraudulent Chat GPT Chrome Extension: A fraudulent extension posing as a legitimate Chat GPT Chrome extension was identified as a high-risk extension, highlighting the potential for such extensions to cause extensive damage.
  2. Overly Permissive Extensions: The study by Spin.AI found that 51% of all installed extensions were high risk, with overly permissive access that could enable data capture, run malicious JavaScript, and pose serious threats to data stored in browsers and SaaS platforms.
  3. Malicious Extensions Redirection: In 2022, McAfee reported on five malicious extensions that were redirecting users to phishing sites and tampering with eCommerce cookies, indicating the potential for these extensions to compromise user data and privacy.
  4. Threatening Extensions Mimicking Useful Tools: Research has observed various types of threats that mimic useful web browser extensions, with some add-ons capable of making devices a lot safer, while others pose significant risks to victims’ sensitive data, such as credentials and credit card details.
  5. Unknown or Untrusted Authors’ Extensions: A significant number of extensions, including 42,938, were found to come from unknown authors, highlighting the risk posed by extensions developed by untrusted sources.

These examples underscore the diverse range of high-risk browser extensions that could potentially lead to data theft, financial loss, system compromise, and damage to the reputation of organizations. It is essential for organizations to carefully assess the risk associated with browser extensions and implement robust measures to mitigate the potential impact of these high-risk extensions.

High-Risk Extensions

The study showed 51% of all installed extensions were high risk and had the potential to cause extensive damage to the organizations using them. The extensions all had the ability to capture sensitive data from enterprise apps, run malicious JavaScript, and surreptitiously send protected data including banking details and login credentials to external parties.

Most extensions — 53% — that Spin evaluated were productivity-related extensions. But the worst — from a security and privacy standpoint at least — were browser extensions in use within cloud software development environments: Spin assessed 56% of them as high security risks.

Organizations can identify high-risk browser extensions by following these steps:

  1. Discovery/Inventory: Investigate and log all extensions in use organization-wide.
  2. Risk Assessment: Evaluate the permissions and capabilities of each extension, considering factors such as the developer’s reputation, user ratings, and the potential for data capture or malicious code execution.
  3. Review Extension Policies: Establish, enforce, and regularly update security policies surrounding browser extensions, including the evaluation process for new extensions and the permissions allowed for existing ones.
  4. Automated Controls: Implement automated controls to allow or block extensions and applications based on their risk assessment, ensuring that only trusted extensions are permitted.
  5. Regular Updates: Regularly update the organization’s list of approved extensions and remove any unauthorized or high-risk extensions.
  6. User Education: Train employees on the importance of using secure browser extensions and how to identify and avoid high-risk extensions.
  7. Threat Monitoring: Continuously monitor for new threats and updates on high-risk browser extensions, adjusting the organization’s security policies as needed to minimize the risk of malicious extensions.

By following these steps, organizations can effectively identify and mitigate the risks associated with high-risk browser extensions, protecting their data, systems, and reputation from potential cyber threats.

What are some common types of high-risk browser extensions

Some common types of high-risk browser extensions include:

  1. Ad-blockers: While ad-blockers are useful for blocking ads, they can also be used to steal sensitive information or redirect users to malicious websites.
  2. Anti-spyware tools: These tools are designed to protect users from spyware but can be replaced or compromised by attackers, leading to security breaches.
  3. Browser extensions that claim to enhance productivity: Many productivity-enhancing extensions have been identified as high-risk, with overly permissive access that can capture sensitive data, run malicious JavaScript, and surreptitiously send protected data to external servers.
  4. Grammar checkers: Some grammar checker extensions have been found to be malicious, posing a risk to users’ data and privacy.
  5. Search tools: Rogue search tools have been identified as malicious extensions that can steal card details, cookies, and other sensitive information.
  6. Toolbars: Some toolbars have been found to be malicious, posing a risk to users’ data and privacy.

These high-risk browser extensions can cause extensive damage to organizations, leading to data theft, financial loss, system compromise, and damage to the reputation of the affected organizations. It is essential for users and organizations to carefully assess the risk associated with browser extensions and implement robust measures to mitigate the potential impact of these high-risk extensions.

How to protect from high-risk browser extensions

Users can protect themselves from high-risk browser extensions by following these guidelines:

  1. Download extensions from trusted sources: Always download extensions from official stores like the Chrome Web Store, as they are less likely to be malicious.
  2. Review developer reputation: Check the reputation of the extension developer, as well as user reviews and ratings, to assess the trustworthiness of the extension.
  3. Examine permissions: Be cautious of extensions that request excessive permissions, as they may pose a security risk.
  4. Update regularly: Keep your browser and extensions up-to-date to ensure you have the latest security patches and protection against new threats.
  5. Use ad-blockers and antivirus software: These tools can help block malicious ads and protect your computer from malware.
  6. Limit extension usage: Only install extensions that you genuinely need and regularly review them for any potential security risks.
  7. Report suspicious extensions: If you suspect a malicious extension, report it to the browser vendor or a reputable security organization.

By following these guidelines, users can minimize the risk of encountering high-risk browser extensions and protect their data, systems, and privacy from potential cyber threats.

How to use extensions (more) safely

Even though extensions can be risky, if used correctly, they can be extremely beneficial. It’s especially important to research extensions if you are using an application that accesses P4 protected data.

Before Installing an Extension: 

  • Check out the developer’s website to see if it’s a legitimate extension and not a one-off by an unvetted source. 
  • Read the description. Look for things that may be questionable, like tracking info or data sharing.
  • Check out the reviews. Look for users complaining of oddities happening, speculating on their data being taken, or for anything that strikes you as odd.

When Installing an Extension:

  • Be picky. The more extensions installed, the bigger the attack surface you open up to attackers. Only pick the most useful and delete the ones you don’t need.
  • Only install through trusted sources. While not guaranteed safe, security technicians review extensions for malicious content. 
  • Review permissions. Review extension permissions closely. If an extension installed suddenly requests new permissions, be wary. If you can’t find a reason for the permission change, it’s probably better to uninstall.
  • Use antivirus protection. Install and run SCEP(link is external) to detect and neutralize malicious code in browser extensions.

If you really want to dig into an extension, look it up on https://crxcavator.io/(link is external). CRXcavator is a Chrome Extension security assessment automation tool designed to help security analysts have better insight into Chrome Extensions.

How to see extensions already installed

  • Google Chrome users click the three dots to the right of the address bar, selecting “More tools”, then “Extensions.” 
  • Firefox users click the three horizontal bars next to the address bar, then “Add-ons,” then “Extensions.”
  • Safari users click Preferences, then on the Extensions tab. All extensions enabled will have a checkmark in the box to the left of the icon in the sidebar.
  • Internet Explorer users click the gear menu at the top-right corner and select Manage add-ons. Browser plug-ins are displayed under the Toolbars and Extensions category, along with any browser toolbars and other types of ActiveX add-ons installed.

What are some alternative sources for browser extensions that are considered safer

Some alternative sources for browser extensions that are considered safer include:

  1. Official stores: Always download extensions from official stores like the Chrome Web Store, as they are less likely to be malicious. These stores typically have a review process in place to protect users.
  2. Trusted sources: Use extensions from well-known and reputable developers, as they are more likely to be secure and free from malicious code.
  3. User reviews and ratings: Check user reviews and ratings to assess the trustworthiness of an extension. Avoid extensions with excessive negative feedback or suspicious user comments.
  4. Security tools: Use antivirus protection tools like SCEP to detect and neutralize malicious code in browser extensions.
  5. Security assessment tools: Utilize security assessment tools like CRXcavator, which is a Chrome Extension security assessment automation tool designed to help security-conscious users evaluate the safety of browser extensions.

By using these safer sources and following best practices, users can minimize the risk of encountering malicious browser extensions and protect their data, systems, and privacy from potential cyber threats.

Sources :
https://www.osibeyond.com/blog/malicious-browser-extensions-security-risk/
https://brave.com/learn/what-are-web-browser-extensions/
https://usa.kaspersky.com/blog/dangers-of-browser-extensions/27020/
https://security.berkeley.edu/education-awareness/browser-extensions-how-vet-and-install-safely
https://securelist.com/threat-in-your-browser-extensions/107181/
https://cgnet.com/blog/browser-extensions-its-time-to-mitigate-the-risks/
https://spin.ai/blog/browser-extension-risk-report/
https://www.darkreading.com/cloud-security/more-than-half-of-browser-extensions-pose-security-risks
https://www.techfinitive.com/business-high-risk-chrome-extensions/
https://www.fastcompany.com/90997838/5-cybersecurity-predictions-for-2024
https://www.linkedin.com/pulse/cyber-security-attacks-prediction-2024-digialert
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-2
https://venturebeat.com/security/five-bold-cybersecurity-predictions-for-2024/