The internet browser is one of the most basic assets of any netizen, yet many of us overlook its importance. If you think about it, a browser is like a Swiss Army Knife since it can be fitted with any number of useful add-ons of your choosing. However, the extra level of convenience that is offered by such extensions could hide serious security risks as hackers are skilled at exploiting even the smallest weak points in any system.
Covering your browser with add-ons the same way you decorate a Christmas tree will only increase the risk of being infested with malware, since there is a higher chance of installing an online tool that is outdated or poorly protected. And worst of all is the fact that even privacy-focused extensions – such as those of password managers or VPNs – are a liability for your system.
Add-on exploits happen with an alarmingly high frequency and even high-profile software isn’t safe from them. Here is a brief list of victims from over the years.
During the first week of February 2017, Grammarly’s popular auto-correcting browser extensionentered the spotlight after exchanging authentication tokens with third-party websites. These leaked credentials could allow others to steal your identity and then log into Grammarly with your account and access your documents, history, or logs. The severity of this exploit was quickly remedied, but it’s not known how many people were affected from the 22 million user base.
A password management add-on that works in favor of a hacker can be a true nightmare, but this is exactly what happened with Keeper, password management software that comes as default with Windows 10 systems. Malicious individuals have found a way to fool the browser extension into handing over personal credentials when used on an infected site. Since the software is a vault of personal information for other accounts, this security flaw effectively compromises a person’s entire online life. After the initial reports, the issue was fixed within 24 hours.
Not all security exploit happens by accident. The popular browser-based VPN Hola was a favorite for years until its shady practices were unveiled in 2015. First of all, the service is a VPN in name only. Although the tool could help circumvent geo-restrictions, it also reroutes traffic through someone else’s connection that is also using Hola, failing to add any form of encryption. But most importantly, this so-called ‘VPN’ also logs user data and sells it to third-party companies. So much for a zero-log policy…
It’s worth noting that sometimes the platform itself serves as a source for infestation. Browsers often fail to properly vet the hundreds of freshly submitted add-ons, which can lead to an epidemic of malware-ridden extensions. In the past Chrome was heavily criticized for overlooking a flaw in an update that allowed plug-ins on the marketplace that could eavesdrop through your microphone.
The reason hackers and data thieves favor focusing on browser extensions so much is because the add-ons operate under different rules than software that runs directly from the desktop. If you have a password management tool installed on your system, then it’s impossible to crack it even if it has certain online features. Add-ons, on the other hand, must factor in the faulty coding of the platform too. Implementing a new feature or changing a function in the browser influences all the installed extensions, and this domino effect often produces small but significant loopholes. Fixing the issue could well be a walk in the park but it requires someone to spot and report the security weakness beforehand.
If you wish to avoid becoming a victim, then be sure to keep all your add-ons up to date. In addition, double check the reputation of each extension before installation to prevent the any shady malware from making it onto your computer. This is especially true for free VPN services, antivirus software and password management tools, since hackers love to disguise their virus as a preventive measure. Also be sure to get rid of any add-ons that you don’t use anymore, as well as those that have been abandoned by their developers.
Password management software can help you store login credentials safely, but only if you use the desktop version. Those who rely on browser-based password managers should stay away from the autofill function because this ease of use goes hand in hand with the degradation of your security. As for VPNs, we can’t recommend them enough; besides the military-grade encryption and geo-unblocking functionality that they offer, they often include features to prevent DNS and WebRTC leaks. The latter in particular plays an especially significant role in preventing the exposure of your IP in JavaScript, a programming language used by all browsers.
Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
©2012-2024 Best Reviews, a clovio brand –
All rights
reserved
Privacy
policy
·
Cookie
policy
·
Terms
of use
·
Partnerships
· Contact
us