Managing Security Risks of Browser Add-ons: A Guide for Users, Assignments of Network security

An overview of browser add-ons, their functionalities, and the associated security risks. It covers the potential threats, such as malicious code and overly broad permissions, and offers solutions for managing extensions in google chrome. The text also mentions the risk of purchased extensions being repurposed for malicious purposes.

Typology: Assignments

2020/2021

Uploaded on 07/05/2021

farhan-ahmad
farhan-ahmad 🇵🇰

6 documents

1 / 1

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
- [Instructor] Browser add-ons are a valuable way to add functionality for web
users, but they can also become malicious. Let's take a look at how add-ons and
extensions work and what security risks they pose. Browser add-ons provide third
party developers with the ability to customize the browsing experience, by adding
functionality. Some example of this include adding e-mail functionality, such as
returning messages to the inbox after a specified period of time, posting web pages
to social media sites, managing passwords, or running video conferences. There
are, however, some security risks inherent with browser add-ons. First, you might
not know who wrote the code. Someone malicious may embed Trojan horses within
a browser extension. Second, the permissions may be overly broad, granting third
parties access to your personal information. Let's take a look at how you can
manage browser extensions in Chrome. If we go back to the settings screen, and
click on extensions, you can see the extensions currently enabled. Clicking on the
permissions link for any extension, shows us the specific permissions that extension
has to access information within your browsing environment. If we click on the
details link, it opens the detailed information page for that extension, which tells
you who wrote the extension, the purpose, and other information about it. It also
give you the option to report abuse if you believe the extension is malicious. Also on
the extensions screen, you have the option to disable any unwanted extensions by
simply unchecking the enabled box. If you'd like to completely remove an
extension, simply click the trash can. That will go ahead and remove the
extension. There's one other risk associated with browser extensions. Let's go
ahead and take a look at a web page. Here's a story, where legitimate browser
extensions, were purchase by malicious individuals and then used for other
purposes. There's actually a market out there for extensions with large
audiences, that can then be reused for other purposes. Whether attackers write
their own malicious add-ons, or purchase and repurpose a popular existing add-
on, the extra code inherent in browser add-ons and extensions, jeopardizes
computer security. Security administrators must be careful to understand, what
extensions are running on browsers in their environments, and limit use to trusted
add-ons with limited permission to access data.

Partial preview of the text

Download Managing Security Risks of Browser Add-ons: A Guide for Users and more Assignments Network security in PDF only on Docsity!

  • [Instructor] Browser add-ons are a valuable way to add functionality for web users, but they can also become malicious. Let's take a look at how add-ons and extensions work and what security risks they pose. Browser add-ons provide third party developers with the ability to customize the browsing experience, by adding functionality. Some example of this include adding e-mail functionality, such as returning messages to the inbox after a specified period of time, posting web pages to social media sites, managing passwords, or running video conferences. There are, however, some security risks inherent with browser add-ons. First, you might not know who wrote the code. Someone malicious may embed Trojan horses within a browser extension. Second, the permissions may be overly broad, granting third parties access to your personal information. Let's take a look at how you can manage browser extensions in Chrome. If we go back to the settings screen, and click on extensions, you can see the extensions currently enabled. Clicking on the permissions link for any extension, shows us the specific permissions that extension has to access information within your browsing environment. If we click on the details link, it opens the detailed information page for that extension, which tells you who wrote the extension, the purpose, and other information about it. It also give you the option to report abuse if you believe the extension is malicious. Also on the extensions screen, you have the option to disable any unwanted extensions by simply unchecking the enabled box. If you'd like to completely remove an extension, simply click the trash can. That will go ahead and remove the extension. There's one other risk associated with browser extensions. Let's go ahead and take a look at a web page. Here's a story, where legitimate browser extensions, were purchase by malicious individuals and then used for other purposes. There's actually a market out there for extensions with large audiences, that can then be reused for other purposes. Whether attackers write their own malicious add-ons, or purchase and repurpose a popular existing add- on, the extra code inherent in browser add-ons and extensions, jeopardizes computer security. Security administrators must be careful to understand, what extensions are running on browsers in their environments, and limit use to trusted add-ons with limited permission to access data.