Browser extensions are great. They can help you save all kinds of time and they can make your life just a bit easier by doing all kinds of helpful things. There can be a downside to them though as serious security issues are emerging with them. Do you know what your browser extensions can do?

Browser Extensions

Browser extensions are for your browser what plugins are for your WordPress site. They can do all kinds of cool stuff to make your life a bit easier. Here is a list of some of the top extensions for the Chrome browser. They are cool and many of them do exactly what they advertise and nothing more.

Unfortunately that is not the case for all of them as security researcher Brian Krebs reported. A health provider in California was flagged for malicious content and it was found that unauthorized code was inserted by a browser extension that was installed on the computer of an employee who had edited the site.

Browser Extensions Doing More Than Advertised

Browser extensions are potentially given a great deal of power. They can read all of the data from your browsing sessions and it is possible to write data too. This information is reported back to the development company who then sells that information to advertisers or even criminals.

On top of that, just like with plugins they are not always properly maintained. Extensions can become obsolete over time or they can be compromised. In the case in California the browser extension, Page Ruler, had become obsolete which led it to be compromised. This extensions let users measure the inch/pixel width of an image as well as other objects on a web page. The original developer had sold it several years after developing it. This instance was also not the first case of it inserting malicious code on a website as several other reports of it happening could also be found dating back to 2018.

Despite that it was still available for download (and still is) on the Google Chrome Store

A Case In California

In this case the extension was able to determine what CMS the user is using like WordPress. It silently added a request for a javascript link at the end of whatever the user types, like on a blog post, and hides it. The code is then saved when the user saves their work and published. In most cases it generates ads or attempts to download a file that will display the advertisements.

With the health provider its security software caught it as it attempted to download the file and flagged it as adware. When Krebs downloaded a copy of the file it stated that the advertisements were in place to compensate the developer for the hours of work that they put in creating and maintaining the plugin and that they could be disabled in the plugin settings page and by making a donation.

When Krebs went to the link listed the page no longer existed. Further evaluation resolved it back to a gmail address which was linked to a defunct advertising network that marketed itself as an analytics platform. A domain using the same name in the email address was found and full of spelling and grammatical errors. Considering the Chrome Store lists a Petar Ivanov as the author that should not be surprising.

Krebs contacted the original developer who confirmed that he had sold the extension to a firm that he anticipated would try to monetize it. He had not updated the extension for three years at that point and had moved on in his life. 

Monetizing Browser Extensions

Selling extensions is not uncommon and there are companies that specialize in it and they are quite profitable thanks to advertising revenue. They can either purchase or lease an extension and promise a large payday for plugins that have a lot of downloads. Page Ruler had more than 400,000 downloads making it a lucrative target.

Do you know what extensions you have installed on your browser? You probably should check. If you have old extensions or extensions that you no longer use you should delete them. You should also check to see when the last time an extension was updated. If it is not being actively maintained you need to be careful with it. Just like with plugins for WordPress security vulnerabilities can be found anytime and need to be patched quickly. 

What Browser Extensions Are You Running?

Think about it this way. By installing the browser extension on your machine you have given it permission to run. It now has free range to do what it does while you do what you do on your computer. It could send information back to advertisers, it could add malicious code to your website that you and your visitors will have to deal with or it could do much worse. 

Just like with obsolete plugins, obsolete browser extensions need to be removed. How can you do it? It is usually quite easy to do. Here is how you do it with Chrome, Edge, Safari, Opera and Firefox.

Comments are closed.

Scroll to Top