How to Make Sure Your Browser Extensions Are Safe

How to Make Sure Your Browser Extensions Are Safe

As useful as all those add-ons can be, don’t get complacent when it comes to making sure they’re also secure.

By David Nield

Browser extensions can be hugely useful, plugging gaps in functionality, adding cool new features and options, and generally just making life on the web more convenient.

At the same time, they have the potential to be a serious security risk—many ask to see everything you see online, some change key settings inside your browser, and they can operate and communicate with their developer (or with advertisers or other parties) in the background without your knowledge.

We don’t want to discourage you from using your favorite extensions, but you should definitely make sure the ones you’re using are safe. 

First, all the usual rules apply: Keep your computer and its applications up to date. Run regular malware scans. That’ll go a long way toward minimizing the risk posed by potentially dodgy extensions. Beyond those tips, here’s how to run an audit.How to Spot Threats Early

Identifying a bad browser extension isn’t an exact science, but there are some general pointers to follow. Always do your research before installing an add-on—check the reviews from other users and reviews on the web, if there are any. See when the extension was last updated, as really old and out-of-date tools can be less secure than newer ones, and definitely look for indications that the add-on has changed hands recently.

It’s important to make sure that the extensions you install come from official repositories, such as the Chrome Web Store or the Firefox Browser Add-Ons portal. It gives you some degree of certainty that the software you’re installing is legitimate and safe, so be a bit warier of extensions that you find elsewhere.

We’re not saying that new, unreviewed add-ons from unknown developers are bad, but you should be extra careful of them—can you find anything out about the company or the person behind the tool? Is it clear how the extension is being funded, or is it a passion project? What clues can you get from the website linked on the extension listing page, for example?

Double-check the permissions that an add-on is asking for. In some cases (Firefox), they’ll be listed on the extension page on the web; in others (Chrome), you won’t see them until you’re installing the software. Be on the lookout for any permission requests that seem unreasonable or strange considering what the add-on is supposed to do.How to Check Chrome Extensions

screenshot
Extensions in Chrome. Screenshot: David Nield via Google

To see the extensions you have installed in Chrome, click the three dots (top right), then choose More Tools and Extensions. Click Details next to any extension to reveal more information about it, including the browser permissions it needs to run and how much space it takes up on disk.

There’s also a list of websites the extension is allowed to access—this will typically be On all sites, but you can restrict it to On specific sites to limit the add-on to certain pages. To have the extension ask for permission to work its magic every time it needs access to a site, select the On click option.

Extensions that you’re not 100 percent sure about can be temporarily disabled using the toggle switch at the top of its individual settings page. If you want to get rid of an extension completely, select Remove extension and then Remove.How to Check Firefox Extensions

screenshot
Extensions in Firefox. Screenshot: David Nield via Mozilla

Fire up Firefox, and click the menu button (three horizontal lines, top right), then Add-ons and Themes and Extensions to get to your extensions. You’ll see currently installed extensions, plus some recommended ones that Firefox thinks you’ll like. Click on any extension toggle switch to disable or enable it.

Select an extension to see some details about it, including user reviews, a link to its website, and its developer. From the same screen, you can set whether or not an extension can update itself, and whether or not it can run in private (incognito) windows.

Switch to the Permissions tab to see exactly what a Firefox add-on is allowed to do on your system. If you decide an extension has overstayed its welcome, click the three dots to the top right then Remove and Remove again.How to Check Microsoft Edge Extensions

screenshot
Extensions in Edge. Screenshot: David Nield via Microsoft

Microsoft Edge is based on the same code as Google Chrome, so there are some similarities in the process here. Click the three dots in the top right-hand corner of the interface, then Extensions to get to the main list.

The toggle switches let you enable and disable extensions without actually removing them—you can get rid of them by clicking Remove and then Remove again. To learn more about an extension you’ve installed, click on Details.

On the Details page, you’re able to see the permissions granted to an extension and which sites it has access to (usually all of them, for most extensions). The same page lets you set whether or not an extension can run in Edge’s InPrivate mode.How to Check Safari Extensions

screenshot
Extensions in Safari. Screenshot: David Nield via Apple

In Safari on macOS, open the Safari menu and select Preferences, then switch to the Extensions tab. All of your installed add-ons are listed here, and the currently active ones will have a blue tick next to them.

To discover more about a particular extension, click on it—you’ll be able to see the add-on’s permissions and the sites it’s allowed to access, where applicable (most extensions want access to all the sites you visit). You can adjust the sites setting, but you can’t change the permissions.

If you decide that you’re not comfortable with having a particular extension installed, click Uninstall. If the extension is part of a bigger macOS app, you’ll be directed to Finder to get rid of the application completely.



Important Notice: Help Stop the Spread and Stay Healthy. (Read now)