Extensions — convenience over security?
June 27, 2018 / Knowledge

Extensions — convenience over security?

Just like a phone does not feel right without any apps, a web browser missing extensions might seem a bit too simple for these modern times.Some load their browsers up with many extensions in varying degrees of usefulness. Some keep it simple and only keep the handy ones around. And some, of course, don’t even know that extensions exist.If you’re one of those few people who are still in the dark on what extensions are or how they function, here’s a quick rundown:

An extension is a mini program that adds desirable features and functionalities to the web browser. If you find yourself in need of bigger letters, tab sorters or just a cute little cartoon cat napping on your page you would visit your browser’s extension store. Unlike the features that automatically come with your browser, extensions can be developed by anyone and offered as useful additions to your daily life.

The extensions that are the most popular usually deal with some minor inconveniences. Ones like Ghostery, AdBlock, or StayFocused are popular among Chrome users because they get rid of inconveniences the browser sends your way. Coupled together with the fact that they’re always a click away or even run together with the browser it’s no surprise extensions are pretty popular.

Sounds like a delightful experience, right? This is where things might get a bit tricky. Although browsers like Chrome or Mozilla Firefox feature some extensions at the front of their stores, the companies themselves only offer the simplest extensions like calendars or calculators. This means that the market is open to anyone who wants to try their hand at building extensions. In other words, it’s a free space (with some level of set regulations).

This can be both a good thing and a bad thing. On the one hand, you may customize your experience as much as your heart desires. All the features you oh-so-desperately need but Chrome does not provide (security-driven extensions usually being top priority) become available. But on the other hand, over-stuffing your browser with unnecessary extensions might prove to be dangerous.

What is so dangerous about extensions, then?

Surely they must be safe — the extension stores have to approve an extension before releasing it into the world. Well, they might be safe from a usability standpoint, but still end up being vulnerable. It is very similar to a mobile app — when you agree on certain preferences with your browser, you are giving the same power to hackers. Since extensions can change and modify things like your browser data, it is no wonder third-party programs have problems with security.

Adrienne Porter Felt has reviewed Google Chrome extensions and a whopping total of 27 out of 100 extensions were confirmed to be vulnerable. See, extensions modify content, so even if the website you visited was safe the extension could possibly make it vulnerable through modifications. Most extensions are created with the purpose of being useful, which is why security is not the first priority for most developers.

By being vulnerable, extensions might prove to be a security issue not everyone can afford to have. If it’s a security-oriented extension like a password manager or overall surveillance, it might be a bit safer (although less convenient) to install the software instead.

Extensions are very useful, but as with all software, make sure to weigh all the pros and cons before mindlessly modding out your browser.


Written by Guostė Bačėnaitė, a copywriter at Adeo Web.

All images © Robertas Zigmantavičius