Browser Extension Threats: What You Should Know

POSTED ON October 21, 2022

For many users, the portal to the web is a browser, such as Chrome, Safari, Microsoft Explorer, or Firefox. Most users have at least one browser, if not multiple, that they use daily.

However, as with most popular pieces of technology, cyber attackers have set their sights on leveraging these web browsers to their advantage. The browser extension is one new vector of attack that small and medium businesses (SMBs) should watch closely. Extensions are the add-ons that a user (such as an employee) might download to add helpful functionality to their web browser, but which might also put them at risk.

Browser extensions, such as ad blockers, coupon code trackers, and other helpful applications, have become incredibly common in today’s digital world. The Chrome Web Store, for instance, has more than 180,000 browser extensions available — and that is only one platform where these are available for download. In addition, many more are available on the open web for users to download to their systems.

There are a few common ways that attackers can leverage these browser extensions. One is to offer malicious browser extensions with compelling capabilities that entice unsuspecting users to download the extension and add it to their browsers, allowing attackers to steal data or deliver other malicious code. According to one study, 80 million users downloaded malicious browser extensions, putting themselves and their organizations at risk.

One example is an adware family called WebSearch, which can pose as a PDF viewer extension or another helpful tool and then changes the browser start page to malicious links or shopping links that allow attackers to profit. Another example is FB Stealer, which implants into browser extensions to steal login credentials and session cookies.

While app stores do their best to vet these browser extensions for malicious code, they cannot always be trusted. For instance, a browser extension may push the malware during a subsequent update after being downloaded, or well-intentioned application developers may be compromised, then have their code updated with malicious content by attackers without their knowledge.

There are a few things that SMBs can do to protect themselves against this new threat. First, they should educate their employees on the risk and encourage them to download browser extensions, should they need them, only from validated and trusted app stores, such as Google or Apple. Users should also be encouraged to read the permissions to see what information the browser extension is requesting access to, and to uninstall any old browser extensions they no longer use. Finally, SMBs can put limits on which browser extensions can be downloaded through policies set by their IT manager, another way to protect their organization.
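One way to make the permission review above repeatable, as an added example that is not part of the original post: this Python sketch reads an extension's manifest.json and flags the requests that matter for the threats described here (cookie access on every site, start page overrides). The list of sensitive permissions, the finding labels, and the two sample manifests are choices and constructions of this example.

```python
import json

# Permissions worth a second look, with what each one allows (Chrome manifest names).
SENSITIVE = {
    "cookies": "read cookies, including session cookies, for permitted sites",
    "webRequest": "observe the browser's network requests",
    "tabs": "read the URL and title of every open tab",
    "history": "read browsing history",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return a list of (code, detail) findings for one parsed manifest.json."""
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    requested = {p for key in ("permissions", "host_permissions")
                 for p in manifest.get(key, []) if isinstance(p, str)}
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))

    findings = []
    broad = sorted(requested & BROAD_HOSTS)
    if broad:
        findings.append(("broad-hosts", "access to all sites via " + ", ".join(broad)))
    for perm in sorted(requested & SENSITIVE.keys()):
        findings.append((perm, "can " + SENSITIVE[perm]))
    if broad and "cookies" in requested:
        findings.append(("cookie-theft-capable", "cookies permission on every site"))
    overrides = manifest.get("chrome_settings_overrides", {})
    changed = sorted(k for k in ("homepage", "startup_pages", "search_provider") if k in overrides)
    if changed:
        findings.append(("settings-override", "replaces " + ", ".join(changed)))
    return findings


# Constructed sample manifests (not real extensions).
PDF_VIEWER = json.loads("""{
  "name": "Sample PDF Viewer", "manifest_version": 3,
  "permissions": ["storage", "cookies"], "host_permissions": ["<all_urls>"],
  "chrome_settings_overrides": {"homepage": "https://example.invalid/start"}
}""")
NOTES = json.loads('{"name": "Sample Notes", "manifest_version": 3, "permissions": ["storage"]}')

if __name__ == "__main__":
    for m in (PDF_VIEWER, NOTES):
        print(m["name"])
        for code, detail in audit_manifest(m) or [("ok", "no broad access requested")]:
            print(f"  [{code}] {detail}")
```

A finding is a prompt to ask whether the extension's stated purpose needs that access, not proof of malice; many legitimate extensions request broad host access.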

As cyberattacks continue to rise worldwide, SMB business leaders should continually educate themselves and their teams on the risks of new threats. By taking steps to protect themselves from these attacks, SMBs can help ensure that they are mitigating this risk for themselves and their customers.

About the Author: Agilitec