<center>[![](https://steemitimages.com/DQmbx7imUvfkEKfPxi4J8S54JZmFAokiKiYe3oaf6BzAJqo/image.png)](https://cdn.thinkcodenyc.com/wp-content/uploads/2014/06/browser-extensions.jpg)</center>

# Browser Extensions
---

Expanding the capabilities of your web browser through the use of plug-ins is something many of us do.  It's simple and easy to browse the Chrome Web Store or Add-ons for Firefox pages and stock up on tons of free, useful, and novel extensions to increase productivity, add features, or simply change the browser aesthetic.

Unfortunately, browser extensions are often built on technologies like HTML, JavaScript, and CSS that can be exploited to perform malicious functions.   With cross-browser extensions gaining support, the userbase for popular extensions is growing into the millions.

# Potential Risks
---

Recently, the Chrome Web Developer extension created by Chris Pederick was compromised, effecting over a million users.  Pederick **[tweeted out a notice](https://twitter.com/chrispederick/status/892768218162487300)** explaining that he had fallen victim to a phishing attack and accidentally handed over his Google account credentials.  The attacker used this to modify the extension and push an update that infected everyone using it.

**This is not the first time, or the last, that this sort of attack will happen.** Many of these attacks are aimed at injecting ads into your browser, which generate revenue for the attacker.  Malicious code could also be embedded in these ads, allowing for further infection to spread.  Even worse, keyloggers and clipboard sniffers could be added to the extension, potentially compromising millions of users sensitive information.

There was only one person that needed to be compromised in order to effect millions, indicating that this security model is incredibly flawed.

# What You Can Do
---

The first thing you should do is cut down on all unnecessary browser extensions.   

On Chrome, go to **chrome://extensions/** and review everything on this page.  Click the trashcan icon to delete all extensions you don't recognize or use.   Additionally, if you use incognito mode when accessing sensitive information websites, make sure that the appropriate extensions are able to run by checking the "Allow in incognito" option.

On Firefox, go to **about:addons** and select the "Extensions" tab on the left.  Go through and prune out everything unknown or unnecessary.

**If you had unknown extensions**, you're going to want to think about how they got there.  Do some google-fu and research the extension name, find out if it's legitimate and if it is automatically installed with any software you use.  You want to understand why and how things went wrong when they do in order to prevent them in the future.

# Recommended Extensions
---

**[Panopticlick](https://panopticlick.eff.org/)** is a neat tool from the Electronic Frontier Foundation (EFF) that can tell you how well your browser protects you from common tracking methods.  You will want to pass at least the first three tests, and ideally be protected from fingerprinting as well.

<div class="pull-right">

* **[Privacy Badger](https://www.eff.org/privacybadger)** - developed by the EFF, helps block spying ads and trackers
* **[HTTPS Everywhere](https://www.eff.org/https-everywhere)** - developed by the EFF, forces HTTPS on all sites
* **Self-Destructing Cookies** - automatically deletes cookies, add sites to the whitelist if you want to keep cookies for it

</div>

* **[Less is more](https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/)** - avoid all unnecessary browser extensions, they are a major risk
* **AdBlock/uBlock** - prevent ads from loading to decrease risk of accidentally clicking on one
* **NoScript/ScriptSafe** - stop background scripts from running without your consent

### For cryptocurrency users

* **[MetaMask](https://metamask.io/)** - not the most secure wallet application, but has a great **[blacklist of scam sites.](https://steemit.com/cryptocurrency/@tomshwom/metamask-blacklist-defeating-mew-clones)**

---

<center>**Let me know in the comments below what browser extensions you recommend!**

<sub>Leave a **like** or even **resteem** if you found this helpful. If you want to directly support my work, you can send ETH or ERC20 token donations to **Tomshwom.eth**.  Find me on  **[Reddit](https://www.reddit.com/user/AtLeastSignificant/).**</sub></center>