Browser Extensions


How do browser extensions work? If a browser extension is dangerous/insecure, how much information do they have access to and what authority do they have over the entire browser/computer?

In: 0

An extension is basically an extra bit of code. The code will run whenever a page loads or reloads depending on the extension.

Ideally, the extension doesn’t have privileges and access to information other than what it needs to run. This may mean access to the browser history, cookies, etc.

An insecure extension may request access to more than it needs and that could make it possibly dangerous. That doesn’t the extension is malicious, but that it could provide a possible attack vector to gain deeper access to the browser.

Usually, a browser doesn’t run with administrator privileges, so its access to the entire computer is limited.

The reason you will see advice to be careful with extensions is that despite all of this, a malicious extension could make use of vulnerabilities to gather data that it shouldn’t have access to and in the worse case, use vulnerabilities to gain deeper access to the computer.

If you stick to extensions like privacy badger, ublock origin, etc. that are well known and maintained, you’re quite safe.