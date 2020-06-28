The extensions they are the sauce of modern web browsers. They provide additional functionalities that would be impossible to achieve in any other way and allow you to personalize the experience to suit everyone. Can you imagine a browser without extensions? I do not. But just as they bring benefits, extensions also have their drawbacks.

The main drawback of the extensions is that they increase the consumption of the browser, but it is not the only one. Poorly optimized extensions can cause performance, stability… and security, which is what leads us today to talk about this topic. And is that extensions are also one of the weaknesses in the security of web browsers.

Last week we echoed the largest known security incident to date related to extensions; at the beginning of the year there was another, less important but equally significant; and although they seem specific cases, the truth is that on a smaller scale they are quite common. Although these last two affected Chrome -and derivatives, it is understood-, Firefox is not spared. It simply has far fewer users and is less palatable as a target.

In fact, no browser is freed because they are a very juicy attack vector: the tool with which the user connects to the Internet and accesses the services in which he is registered, including e-mail – means by which the passwords of the sites in which he has an account can be recovered – purchases, banks, etc. That is why the first security recommendation with the web browser is to always have it updated.

Other security recommendations for the web browser, good practices if you prefer, are those of not entering suspicious sites, not clicking on links that do not know where they have come from, not downloading and executing anything … and not installing extensions as if they are harmless elements, because they are not. The best way to avoid problems is common sense, but if you are not clear, we review it with you.

Basic security recommendations with extensions

Security aside, although it also counts, the first recommendation to maintain the good health of your web browser is that of extensions, the fair: Install only the ones you really need. Everything that is superfluous only hinders the experience, as you will discover if you do without it. The rest is obvious:

Don’t install the first thing you see

As obvious as you don’t install any application you find out there on your operating system, right? True? Well, that: do not start installing the first thing you come across, nor do you start installing extensions like crazy just in order to test them. OR do not do it in your main browser, where you have all your data. Install a compatible alternative browser and if you are interested in the functionality provided by the extension, ‘grade’ it and check it out.

Official extensions

Is your workflow based on services that offer extensions to manage your passwords, notes, tasks, or utilities and tools …? Install extensions from official sites, which is to be expected that you trust, instead of going to the store and looking for them out there. In fact, any site outside the Chrome Web Store, for example, will redirect you to this, because it is the policy imposed by Google. And if you don’t, be suspicious. This will avoid a possible case of * phishing *.

Check before installing

How do you check that an extension is reliable, before installing it? There are basic indicators in which if you look, they will help you not to be wrong. For example, is the extension you are interested in recommended by the store? So it means that it has been thoroughly tested and is safe. More things: Do you have many users? Do you have many positive comments and ratings? Does it have a track record or has it just been released? Has it been updated recently or is it updated frequently? If the answers are yes, it is a good sign.

It never hurts either trace the origin of the extension, in case you don’t have many users or reviews. Look at the developer data, go to their website, to the social networks in which they participate, and you can even go to the page where the project is developed, since in many cases the extensions are open source … But don’t worry, you don’t have to know programming; Just research as much as you can who is behind the extension and draw a conclusion for yourself of the confidence you can give it.

Of course remember also review the permissions the extension asks for and if they don’t fit you, doubt. For example, let’s say you want to install an extension to block advertising and among its permissions it requires knowing your email address … Doesn’t that sound logical? Well that.

And check after install

Has your browser started to go wrong and you don’t know why? Could it have coincided with the installation of an extension? Sometimes it happens and although it does not have to be related to security, it does not hurt to monitor the operation of the browser for a few days.

It can also happen that an extension that you have been using for a while suddenly updates and asks new permissions. If this happens, check that those new permissions correspond to some new functionality, because otherwise it doesn’t sound good.

Finally, remember to take a look every once in a while at the extensions you have installed, because you may have some that you never use and you can take advantage of cleaning and delete it. And if you do not want to delete it because you use it a little, but you use it, you can always deactivate it: it will stop consuming resources, but you will have it on hand for when you need it and it will also be synchronized between your computers (if you use browser synchronization, of course).

If you take all these tips into account, you should not encounter security problems when installing extensions in your web browser, although it should be noted that total security does not exist. In some cases, for example, legitimate extensions have been compromised because their developer has been ‘hacked’, although this is not common and usually resolves quickly.