The hidden danger of browser extensions

Estimated reading time: 3 minutes

If you’re like us, you use your web browser every day. While browsing the web has become synonymous with “Googling stuff”, for many people the browser has evolved beyond search – it’s now a centralized tool for getting things done.

Enter browser extensions. Designed to save time, automate tasks and personalize your surfing experience, these little nuggets of code have become so prolific that there are now thousands of extensions available for Chrome / Edge & Firefox.

And that’s where the danger lies . . .

The problem with browser extensions

While most browser extensions make our lives easier, there’s a major flaw in the way they work:

Unless you understand code, you are relying on blind trust.

In other words, unless know what it does under the hood, you don’t know what surprises are lurking inside the package. You’re taking chances on whoever wrote it.

If you’re unfortunate enough to download a malicious extension, it can do all sorts of nasty stuff:

  • Change your search engine / start page
  • Flood your browser with pop-ups / ads
  • Track your browsing history without consent
  • Redirect you to a page with a malware payload

That sucks!

What’s more, because browser extensions don’t require admin rights to install, this poses a unique risk to businesses: Anyone can accidentally install a malicious extension, which means IT departments have their hands full when it comes to managing these risks.

Why not just block extensions?

At Leap Cloud Solutions, we use browser extensions ourselves. Many of our clients rely on them to stay productive as well – including those who work in the legal space.

Some extensions are even useful for *blocking* malware – consider uBlock Origin, for example.

As an outsourced IT support provider in Vancouver, we see it as our duty to provide the best mix of “user experience” and cyber security. In our experience, if you create a system that’s too restrictive, frustrated users will just find a way around it (one of the key goals with a good cyber strategy is adoption).

So what’s the solution?

Solution 1 – Educate

This is always our preferred path when it comes to IT partnerships. Rather than rule with an iron fist, we prefer to work with our users on learning and creating a culture where everyone values cyber security rather than dreading it.

Here’s how to tell if a browser extension is safe:

  • Check to see who published the extension. Even if you know & trust the source, double-check it anyway because there are imposters out there who make “copycat” extensions.
  • Look at the reviews – in most cases, an extension with a high number of positive reviews means it’s trusted by a lot of people. The chances of downloading a malicious extension with a lot of good reviews is almost unheard of (almost).
  • When in doubt, ask your IT department. You can never go wrong by asking the experts. Worst case, we’ll give it a once over and if you really need it, we’ll test it in a sandbox for you so it doesn’t risk damaging your PC. And if you don’t need it, we’ll tell you because it means we have a *better* solution for you!

Solution 2 – Protect

The first line of defense is a good antivirus solution. Make sure your antivirus is 1) Up to date 2) Configured the right way and 3) Offers sufficient protection.

The second line of defense is control. With the right solution, it’s possible to create an allow list of trusted extensions which will stop even the least tech savvy users from accidentally installing something they shouldn’t.

If all of this sounds too complicated, don’t worry – as a managed IT service provider operating in Vancouver, Leap Cloud Solutions provides all these services & more.

We serve clients throughout the Lower Mainland, BC and even other provinces & territories. Our proactive help desk ensures your business stays protected while you focus on whatever it is you want to focus on (like taking a vacation).

Responsive. Proactive. Leap Cloud Solutions.

Why gamble with your IT investment?

“I’m tired of IT systems that are operating poorly. Tired of expensive & limited solutions that don’t scale with the business. Tired of support applying short-term bandaids to long-term problems. I want a solution that scales without any IT hassles. I want technology to be an aid, not a burden. And I want a team of experts I trust to lead the way. I’m ready.”

Well said. Let's make that happen.

“Responsive, pro-active & skilled – just what we needed. They’re a critical partner for our nonprofit. I can’t recommend Joel & his team enough.”

Tiffany Melius

New View Society

"Leap Cloud Solutions is extremely responsive and thorough. We have found that throughout our communications, their team is very knowledgeable and wants only the best for their clients. Our firm is impressed."

Nolan G. Westlin

Aaron Gordon Daykin Nordlinger LLP