
- [Instructor] Browser add-ons are a valuable way to add functionality for web
users, but they can also become malicious. Let's take a look at how add-ons and
extensions work and what security risks they pose. Browser add-ons provide third
party developers with the ability to customize the browsing experience, by adding
functionality. Some example of this include adding e-mail functionality, such as
returning messages to the inbox after a specified period of time, posting web pages
to social media sites, managing passwords, or running video conferences. There
are, however, some security risks inherent with browser add-ons. First, you might
not know who wrote the code. Someone malicious may embed Trojan horses within
a browser extension. Second, the permissions may be overly broad, granting third
parties access to your personal information. Let's take a look at how you can
manage browser extensions in Chrome. If we go back to the settings screen, and
click on extensions, you can see the extensions currently enabled. Clicking on the
permissions link for any extension, shows us the specific permissions that extension
has to access information within your browsing environment. If we click on the
details link, it opens the detailed information page for that extension, which tells
you who wrote the extension, the purpose, and other information about it. It also
give you the option to report abuse if you believe the extension is malicious. Also on
the extensions screen, you have the option to disable any unwanted extensions by
simply unchecking the enabled box. If you'd like to completely remove an
extension, simply click the trash can. That will go ahead and remove the
extension. There's one other risk associated with browser extensions. Let's go
ahead and take a look at a web page. Here's a story, where legitimate browser
extensions, were purchase by malicious individuals and then used for other
purposes. There's actually a market out there for extensions with large
audiences, that can then be reused for other purposes. Whether attackers write
their own malicious add-ons, or purchase and repurpose a popular existing add-
on, the extra code inherent in browser add-ons and extensions, jeopardizes
computer security. Security administrators must be careful to understand, what
extensions are running on browsers in their environments, and limit use to trusted
add-ons with limited permission to access data.