{"id":5085,"date":"2025-07-30T16:18:16","date_gmt":"2025-07-30T16:18:16","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=5085"},"modified":"2025-07-30T16:18:17","modified_gmt":"2025-07-30T16:18:17","slug":"the-hidden-dangers-of-browser-extensions-and-the-way-to-keep-away-from-them","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=5085","title":{"rendered":"The hidden dangers of browser extensions \u2013 and the way to keep away from them"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"sub-title\">Not all browser add-ons are useful helpers \u2013 some might include excess of you&#8217;ve got bargained for<\/p>\n<div class=\"article-authors d-flex flex-wrap\">\n<div class=\"article-author d-flex\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/en\/our-experts\/phil-muncaster\/\" title=\"Phil Muncaster\"><picture><source srcset=\"https:\/\/web-assets.esetstatic.com\/tn\/-x45\/wls\/2021\/04\/Phil_Muncaster.jpg\" media=\"(max-width: 768px)\"\/><img decoding=\"async\" class=\"author-image me-3\" src=\"https:\/\/web-assets.esetstatic.com\/tn\/-x45\/wls\/2021\/04\/Phil_Muncaster.jpg\" alt=\"Phil Muncaster\"\/><\/picture><\/a><\/div>\n<\/div>\n<p class=\"article-info mb-5\">\n        <span>29 Jul 2025<\/span><br \/>\n        <span class=\"d-none d-lg-inline\">\u00a0\u2022\u00a0<\/span><br \/>\n        <span class=\"d-inline d-lg-none\">, <\/span><br \/>\n        <span>4 min. learn<\/span>\n    <\/p>\n<div class=\"hero-image-container\">\n        <picture><source srcset=\"https:\/\/web-assets.esetstatic.com\/tn\/-x266\/wls\/2025\/07-25\/browser-extensions-cybersecurity-risks.jpeg\" media=\"(max-width: 768px)\"\/><source srcset=\"https:\/\/web-assets.esetstatic.com\/tn\/-x425\/wls\/2025\/07-25\/browser-extensions-cybersecurity-risks.jpeg\" media=\"(max-width: 1120px)\"\/><img decoding=\"async\" class=\"hero-image\" src=\"https:\/\/web-assets.esetstatic.com\/tn\/-x700\/wls\/2025\/07-25\/browser-extensions-cybersecurity-risks.jpeg\" alt=\"The hidden risks of browser extensions \u2013 and how to stay safe\"\/><\/picture>    <\/div>\n<\/div>\n<div>\n<p>What would we do with out the net browser? For many of us, it\u2019s our gateway to the digital world. However browsers are such a well-recognized instrument immediately that we\u2019re in peril of giving them a free trip. In actual fact, there are many rogue extensions masquerading as reputable advert blockers, AI assistants, and even safety instruments which can be designed to steal our information, ship us to malicious websites and flood our display screen with popups. For instance, earlier this 12 months, a <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/chrome-browser-extensions-hijacked\/\" target=\"_blank\" rel=\"noopener\">malicious marketing campaign was uncovered<\/a> which will have impacted dozens of extensions and compromised almost three million customers.<\/p>\n<p>Subsequent time you\u2019re desirous about downloading an online browser add-on, suppose by the next dangers.<\/p>\n<h2>Why extensions matter<\/h2>\n<p>Browser extensions are an more and more in style car for menace actors. They provide attackers entry to an enormous quantity of delicate data, with individuals typically trusting these add-ons, particularly in the event that they\u2019re downloaded from official sources. Additionally, extensions present a number of avenues for monetization and malicious exercise and customarily give assaults a greater probability of success and are a menace additionally in company settings, the place they might typically keep beneath the radars of safety groups and instruments.<\/p>\n<p>Nevertheless, by putting in and granting an extension permissions, you might unwittingly be enabling malicious actors to entry your most delicate information \u2013 all the pieces from searching historical past to saved logins and session cookies, which could possibly be abused to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/2022\/01\/05\/5-ways-hackers-steal-passwords-how-stop-them\/\" target=\"_blank\" rel=\"noopener\">hijack your accounts<\/a>.<\/p>\n<h2>When browsers go unhealthy<\/h2>\n<p>A <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cloud-security\/more-than-half-of-browser-extensions-pose-security-risks\" target=\"_blank\" rel=\"noopener\">2023 threat evaluation<\/a> of 300,000 browser extensions and third-party OAuth purposes utilized in company environments\u00a0revealed that half (51%) of the previous have been excessive threat and will doubtlessly have precipitated \u201cin depth harm.\u201d<\/p>\n<p>So how may they find yourself in your machine? Malware could also be hidden in legitimate-looking browser extensions like these purporting to be advert blockers or PDF converters and even safety enhancements. They could possibly be packaged up and positioned on browser shops for unwitting customers to obtain, bundled with different software program, shared by misleading hyperlinks or uploaded to platforms exterior your official internet retailer, the place hackers depend on customers \u201csideloading\u201d so as to goal them.<\/p>\n<p>Sideloading is especially harmful as a result of third-party shops don\u2019t characteristic the type of safety evaluations and different checks that official marketplaces have in place. Which means they\u2019re extra prone to characteristic dangerous add ons spoofed to seem as if reputable.<\/p>\n<p>Alternatively, menace actors may hijack or purchase a reputable extension and use it to ship malicious updates to its whole consumer base. Typically, extensions can appear reputable, however on activation <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/palant.info\/2023\/05\/16\/malicious-code-in-pdf-toolbox-extension\/\" target=\"_blank\" rel=\"noopener\">might be programmed to put in<\/a> new payloads with malicious capabilities.<\/p>\n<figure class=\"image\"><img decoding=\"async\" title=\"Rilide Stealer posing as a Chrome browser extension (source: ESET Threat Report H1 2024)\" src=\"https:\/\/web-assets.esetstatic.com\/wls\/2025\/07-25\/fake-browser-extension.png\" alt=\"fake-browser-extension\" width=\"\" height=\"\"\/><figcaption><em>Rilide Stealer posing as a Chrome browser extension (supply: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/threat-reports\/eset-threat-report-h12024.pdf#page=12\" target=\"_blank\" rel=\"noopener\">ESET Risk Report H1 2024<\/a>)<\/em><\/figcaption><\/figure>\n<h3>What can malicious extensions do?<\/h3>\n<p>The nefarious actions run the gamut and embody:<\/p>\n<ul>\n<li><strong>Stealing information<\/strong>, together with usernames and passwords, searching historical past, session cookies (which can be utilized to entry your accounts without having a password) and monetary data. This can be sourced out of your clipboard, browser or obtained through keylogging as you kind it in. The tip purpose is often to both promote that information on the darkish internet, or use it on to hijack accounts and commit identification fraud.<\/li>\n<li><strong>Directing you to malicious or dangerous web sites <\/strong>which will harbor malware together with infostealers and banking Trojans. Different websites could also be spoofed to seem as if a reputable model, however are literally designed to reap your private and monetary data and\/or logins.<\/li>\n<li><strong>Injecting undesirable adverts and doable malware <\/strong>into your searching expertise. Advertisements could possibly be monetized by menace actors, whereas malware could also be designed to steal credentials or harvest different profitable private information for identification fraud.<\/li>\n<li><strong>Backdooring your browser <\/strong>in order that they&#8217;ll entry your machine at any time sooner or later.<\/li>\n<li><strong>Mining for cryptocurrency<\/strong> with out your information, one thing that may decelerate and even put on out your machine utterly.<\/li>\n<\/ul>\n<h2>Staying protected<\/h2>\n<p>To mitigate these dangers, warning is all the time suggested if you\u2019re on the hunt for a brand new extension. To start with, keep on with reputable internet shops and carefully scrutinize any new add-on. That may embody checking the developer\u2019s credentials, studying evaluations of the product and looking out individually for it to see if it has been related to any suspicious or malicious habits prior to now. Look carefully too at its permissions. If it requests any that appear to transcend what is required for the product, it ought to be a crimson flag. As is the case with, for instance, cell apps, not many extensions <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/2019\/10\/02\/do-apps-need-all-permissions\/\" target=\"_blank\" rel=\"noopener\">ought to want entry<\/a> to your passwords or searching information.<\/p>\n<p>Further tricks to maintain your self protected embody:<\/p>\n<ul>\n<li>Maintain your browser up to date so it\u2019s on the most recent, safer model always. This implies it is going to be higher protected in opposition to potential malware.<\/li>\n<li>Swap on multi-factor authentication on all of your on-line accounts \u2013 that may go a good distance towards holding you protected even when a malicious browser extension does steal your passwords.<\/li>\n<li>To make your internet searching expertise safer generally, think about using a <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.eset.com\/us\/home\/protection-plans\/\" target=\"_blank\" rel=\"noopener\">secured browser mode<\/a> that&#8217;s provided along with different security-enhancing options by some safety distributors. This mode is available in notably useful if you carry out monetary and crypto transactions in your browser.<\/li>\n<li>Enhanced Secure Shopping in some frequent internet browsers also can assist you avoid malicious websites.<\/li>\n<li>Importantly, use safety software program from a good vendor, and carry out periodic scans to verify for something suspicious working in your laptop. It&#8217;ll go a good distance in direction of stopping you <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.welivesecurity.com\/2023\/05\/16\/you-may-not-care-where-download-software-malware-does\/\" target=\"_blank\" rel=\"noopener\">downloading malware from third-party websites<\/a>, or redirecting to a phishing web site.<\/li>\n<\/ul>\n<p>Each piece of software program we set up, irrespective of how small, comes with a component of belief; certainly, this belief could also be notably vital with browser extensions, as they function straight inside your gateway to the web. Think twice concerning the worth or comfort that an extension supplies versus the potential threat. Finally, the purpose is to make knowledgeable decisions concerning the add-ons you enable into your digital house. be sure you supply your browser extensions and, certainly, all different software program from dependable suppliers.<\/p>\n<p><iframe class=\"embed-video\" title=\"\" src=\"https:\/\/www.youtube-nocookie.com\/embed\/OGzEvCyPrZM\"><\/iframe><\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Not all browser add-ons are useful helpers \u2013 some might include excess of you&#8217;ve got bargained for 29 Jul 2025 \u00a0\u2022\u00a0 , 4 min. learn What would we do with out the net browser? For many of us, it\u2019s our gateway to the digital world. However browsers are such a well-recognized instrument immediately that we\u2019re [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5087,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[2599,214,215,762,1001],"class_list":["post-5085","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-avoid","tag-browser","tag-extensions","tag-hidden","tag-risks"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/5085","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5085"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/5085\/revisions"}],"predecessor-version":[{"id":5086,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/5085\/revisions\/5086"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/5087"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-06-09 21:01:18 UTC -->