Your Browser Extensions May Contain Malware—Here's How to Stay Safe

Be careful what you download

By Sascha Brodsky
Updated on September 11, 2023 01:57PM EDT
Fact checked by Jerri Ledford

Google is trying to alert users about malware problems with the Chrome browser.
Malware can steal your information.
Experts say to only download web extensions from official stores.

Your web browser is vulnerable to hackers, but new ways exist to keep your data safe.

Google has revealed that its Chrome browser will alert users when an extension is no longer available in the Chrome Web Store and may be infected by malware. It's part of an effort to stamp out software designed to disrupt browsers.

"Malicious browser extensions interact with the browser and are usually poorly detected by consumer antivirus solutions," Jake Williams, a former National Security Agency offensive hacker and faculty member at IANS Research, told Lifewire in an email interview. "Given that more of our sensitive data is transacted through the browser every day, the risk of these malicious extensions is very real."

Browser Danger

An upcoming version of Chrome will allow a Chrome Web Store extension to be removed because either the developer unpublished it, it's been taken down due to a breach of Chrome Web Store policy, or it was flagged as malicious software.

In other versions of Chrome, when an extension containing malware was removed from the store after a user installed it, there was no alert prompting the user to uninstall it, leaving them exposed to potential risks.

Chrome 117, a build of the browser currently in beta, lets users navigate to the 'Privacy and Security' section within the settings page to get notifications about downloaded extensions. Upon clicking the 'Review' button, users will be directed to their extensions list.

Malware in browsers can range from annoying, unwanted ads to destructive programs, Larry Zorio, the Chief Information Security Officer of Mark43, said via email.

"Malicious malware can potentially steal information from the user," he added. "For example, when a user enters credit card or sensitive medical information onto a website, the extension can get in the middle of that connection and steal the information."

Google recently identified and removed from its web store 32 extensions with 75 million installs.

"These extensions are being used everywhere," Zorio said. "There are four main browsers in this space (Chrome, Explorer, Firefox, and Safari), and all four offer the ability to download extensions."

It's hard to measure the full scope of the malicious browser extension problem, Williams said. But, he added, the malware issue is "vast," stealing information from a large number of users.

"Malicious browser extensions targeting cryptocurrency were very impactful in recent years," he added. "Fake password managers also have been particularly problematic."

Keeping Your Browser Safe

Browser manufacturers like Google work hard to keep malicious extensions out of their official stores, Corey Nachreiner, the Chief Security Officer (CSO/CISO) at the cybersecurity firm WatchGuard, noted in an email to Lifewire. He said that if you stick to only trying well-known extensions that you download from your browser's official marketplace, you'll likely remain safe.

"You should not, however, ever install browser extensions from third-party or non-official sources," he added. "That said, threat actors can still find new ways to sneak malicious extensions into legitimate browser marketplaces."

Never download them from random sites or third-party marketplaces, Nachreiner recommended. Also, try to stick to well-reviewed, well-known, and verified extensions.

"If you really don't need an extension, avoid it," he said. "If you find you are not using an extension you have, delete it. Also, pay close attention to the permissions you give an extension when you install it. Yes, even legitimate extensions will sometimes need significant permission to install. But you should ask yourself if the value you get from an extension is worth giving up those privileges to software?"

Another often-heard tip is to use some sort of antivirus or malware protection software. This type of software can sometimes detect malicious extensions or the additional malicious payloads they may install, Nachreiner said.

Consider getting children their own devices or locking down permissions so browser extensions can't be installed on their accounts, John Bambenek, the principal threat hunter at the tech firm Netenrich, said in an email.

"Criminals target children, mostly through games, as a vector to get to parents," he added.

Update 08/25/2023: Corrected a statement in Paragraph 10 at the source's request.

Update 9/11/2023: Added a job title at the request of the source.