How to make conscious choices about the extensions you install
The not-so-dirty secret about web browsers is that browser extensions can be a major security weakness. We last wrote about this issue with malicious extensions in December. But the problem with extensions deserves further treatment, especially as they can combine some very clever supply chain and obfuscation methods to make these kinds of attacks harder to detect and defend.
These extensions are powerful tools: they have the same ability as your user account to obtain read/write access to any data in any browsing session you bring up, which makes exploiting them a big issue. Many extensions don’t require any special permissions to run on your computer or phone.
Some of us just install extensions in the heat of the moment — we come across a web page that requests “for better viewing, install this extension.” That isn’t generally a good idea — instead of clicking on the install link, take a moment to think about what you're doing and see if you can get by without the extension.
How can browser extensions be exploited?
The supply chain issue is a big one. While the SolarWinds supply chain has recently gotten a lot of attention (including from President Biden), there are other ways to infiltrate apps.
This month, security researcher Brian Krebs wrote about outdated browser extensions that have been compromised by cybercriminals. They utilize unused or abandoned ex ..
Support the originator by clicking the read the rest link below.
