Why You Probably Need To Stop Using Browser Extensions
A lot of us use extensions for our web browsers for a variety of reasons such as ad blocking, password management, spelling and grammar assistance, and so on. Extensions aren't only available on computers, either; they are also a part of mobile web browsers like Safari on iOS. They can be incredibly convenient much of the time, and there are a whole lot of them available for pretty much every browser these days. That's sort of the problem, though, as these extensions aren't always the most secure.
Since there are so many extensions available and the browsers themselves usually don't offer any kind of curation, it can be difficult to tell whether one is safe to download and use. And even if it is a safe extension, that safety and assurance could all be stripped away in an instant without warning. The more you install, the greater the chance that you'll encounter something nefarious.
Herein lies the danger
How-To Geek explains that one of the biggest risks surrounding browser extensions is that they typically need full permissions in order to work. This includes being able to read and/or make its own changes to any webpage you might be visiting. It makes sense given that a lot of these extensions couldn't, say, prevent ads from popping up if it wasn't able to see the ads coming in the first place, but that kind of access also means it could do a lot of damage if it was secretly designed for malicious purposes.
In fairness, not all extensions are malware in disguise that will log your keystrokes or save your personal information and passwords — but some could be. Worse than that, a trusted extension could unexpectedly become a problem regardless of your own input (or knowledge). For example, if a developer falls for a phishing scam, their work could be copied and replaced with a new version that inserts ads or steals password info. As well, a large company could buy out a small developer and make its own changes to a previously benign extension.
Mitigating the risks
Most modern browsers have some form of system in place that will inform you if an extension requires additional permissions after being updated. These browsers should also inform you of the permissions an extension will ask for before you install it. If an extension you want to download is asking for an uncomfortable amount of access, or if an extension you've been using is suddenly asking for access to new information, maybe give things a second thought before accepting. However, this doesn't really help if the permissions themselves don't change between versions.
Really, aside from paying very close attention to the permissions an extension asks for, the safest option is to just not use very many extensions — possibly even none at all if you can get by without them. The fewer extensions you use, the less likely you'll encounter malware in disguise (or an unexpected change in the future). And for the extensions you do want to use, try to vet them as best you can before installing, as noted by Mozilla. Are they from a trusted source or a person/company you've never heard of? Do recent user reviews raise any red flags? Maintain a healthy amount of vigilance and caution and you should be able to continue using browser extensions without issue, but be sure to keep an eye out for unexpected updates or ownership rights changes.