Browser add-ons provide third-party developers with the ability to customize the browsing experience by adding functionality. In this video, learn about the security risks associated with malicious browser add-ons.
- [Instructor] Browser add-ons are a valuable way to add functionality for web users, but they can also become malicious. Let's take a look at how add-ons and extensions work and what security risks they pose. Browser add-ons provide third party developers with the ability to customize the browsing experience, by adding functionality. Some example of this include adding e-mail functionality, such as returning messages to the inbox after a specified period of time, posting web pages to social media sites, managing passwords, or running video conferences.
There are, however, some security risks inherent with browser add-ons. First, you might not know who wrote the code. Someone malicious may embed Trojan horses within a browser extension. Second, the permissions may be overly broad, granting third parties access to your personal information. Let's take a look at how you can manage browser extensions in Chrome. If we go back to the settings screen, and click on extensions, you can see the extensions currently enabled.
Clicking on the permissions link for any extension, shows us the specific permissions that extension has to access information within your browsing environment. If we click on the details link, it opens the detailed information page for that extension, which tells you who wrote the extension, the purpose, and other information about it. It also give you the option to report abuse if you believe the extension is malicious. Also on the extensions screen, you have the option to disable any unwanted extensions by simply unchecking the enabled box.
If you'd like to completely remove an extension, simply click the trash can. That will go ahead and remove the extension. There's one other risk associated with browser extensions. Let's go ahead and take a look at a web page. Here's a story, where legitimate browser extensions, were purchase by malicious individuals and then used for other purposes. There's actually a market out there for extensions with large audiences, that can then be reused for other purposes. Whether attackers write their own malicious add-ons, or purchase and repurpose a popular existing add-on, the extra code inherent in browser add-ons and extensions, jeopardizes computer security.
Security administrators must be careful to understand, what extensions are running on browsers in their environments, and limit use to trusted add-ons with limited permission to access data.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities