The Privacy Risks of Browser Extensions – A Guide for Safety

Browser extension icon, browser window and alert icon on a light background
Click here to see a summary of this article
The Privacy Risks of Browser Extensions: A Quick Guide

Dangerous browser extensions can seriously undermine your security. At present, Google Chrome is the only browser that asks you to agree to browser extension permissions.

Left unchecked, dangerous browser extensions could log your keystrokes or even provide a passage for malware to make its way onto your device. That’s why, in this article, we show you how to check and uninstall extensions in:

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Safari

Read the full article below for instructions on how to remove browser extensions that pose serious privacy risks!

We’re not here to tell you that all browser extensions are a threat to your online safety. Some add new functionality and options to your browser, making life easier when you need to search, shop, or simply remember all your passwords.

For example, 1Password and Avast Antivirus both offer browser extensions, and these are two great examples of how they actually improve overall security.

However, the dangers of some browser extensions can’t be understated. Some browser extensions are actually browser hijackers hiding in plain sight, which will steal your data and resell it to marketing agencies, or worse.

In this article, we explore the many privacy risks of browser extensions and what you need to look out for.


What Are Browser Extensions?

Browser extension iconBrowser extensions are addons for your browser that can give you extra functionality. Usually, this means adding options like blocking adverts, helping you to find shopping coupons, and translating web pages.

The most popular internet browsers have online stores that you can use to find and install these nifty tools. They can be really useful, though if you install the wrong kind, they can also be dangerous.

Why are browser extensions dangerous?

Some extensions are malicious and exist only to cause you problems. Cybercriminals can occasionally sneak a malware-infested extension past Apple or Google to siphon off data or make money from your browsing activities.

Others, while not classed as malware, might steal your data to be resold to marketing agencies. Unless you’re dealing with malware, most browser extensions require permissions to interact with your browser.

That said, only Google Chrome asks you to agree to these upon installation. Other browsers simply grant an extension any permissions that it requests, and you’ll have no say in whether or not that’s okay. This makes dangerous extensions a huge threat to your online security.

What’s more, even safe extensions can eventually become a threat. If a developer’s account is hacked, a malicious update could be pushed to your extensions, as they update automatically.

There have even been instances in the past of genuine, safe extensions being purchased by another company, which then turns the tool into adware.


What Are the Risks of Browser Extensions?

Above, we’ve talked generally about how browser addons can be a risk to your security. Below, you’ll find some specific examples of the risks of browser extensions:

  • A malicious browser extension could capture your keystrokes. If a keylogger has been embedded in your browser extension, it could capture your login credentials or payment card details. In fact, it could record everything else you type and log all your data.
  • Dangerous browser extensions can redirect your searches. Some browser extensions can even load malicious websites instead of the site you typed into your address bar.
  • Your browsing activity could be captured and resold. Some extensions log your online activity so that it can be sold to marketing agencies.
  • Dangerous browser addons could also download malware onto your device.

If you want to continue browsing securely, you should understand how to check the permissions granted to your extensions. You should also know how to uninstall browser extensions by yourself. It’s straightforward and will only take a few moments.


How to Check Your Browser for Dangerous Extensions

Whether you install new extensions regularly or not, you should review your browser settings for any dangerous extensions. Even if you haven’t installed any yourself, they could’ve made their way onto your computer with malware in the past.

Below, we’ll show you how to check Google Chrome, Microsoft Edge, Mozilla Firefox, and Safari for dangerous extensions.

How to check your browser extensions on Google Chrome

Google Chrome is often considered one of the safest browsers for extensions. It’s the only browser that’ll ask you to confirm browser extension permissions when installing a new tool.

Still, Google Chrome extensions, like all other extensions, can potentially be dangerous. Here’s how to check which ones you have installed:

  1. Open Google Chrome.
  2. Click on the three-dot menu in the top-right of your browser.
  3. Click on More Tools and then Extensions.
  4. Screenshot of Chrome extension page
  5. Now, if you click on Details beside each extension, you can see more information about each tool. This includes the permissions they have to interact with your browser and a list of websites they can access.

At this point, you can disable extensions using the toggle button. We recommend disabling any extensions you don’t recognize until you understand what they’re doing.

Unfortunately, Android Play Store and operating system security are a little laxer than Apple’s iOS. While this has some benefits for developers, it also means that countless dangerous extensions have been found on Google Chrome browsers in the past.

How to check your browser extensions on Mozilla Firefox

Firefox was created as an alternative to Internet Explorer and Chrome. Launched in 2002, the browser now works on Windows, macOS, Linux, iOS, and Android.

With such an illustrious service history, it’s time to check whether you have any dangerous Firefox extensions lurking on your browser.

  1. Open Mozilla Firefox.
  2. Click on the three-dot menu in the top-right of your browser.
  3. Click on Add-ons and Themes and then Extensions.
  4. Screenshot of Firefox Extension panel
  5. If you click on each extension, you’ll have an option to disable it via a toggle button. You can also check out more information about the extension. This includes the developer and their website, whether the tool can self-update, and user reviews.

From the extensions page, you can also click on the Permissions tab. In this tab, you’ll find even more detailed information about what permissions the extension has on your system.

Alternatively, removing the extension is as simple as selecting the Remove option shown in the above image.

How to check your browser extensions on Microsoft Edge

If you’ve already reviewed your extensions on Chrome, and use Edge too, you’ll see that the process is largely similar. That’s because the underlying code for Edge and Chrome is quite similar. Otherwise, follow the steps below:

  1. Open Microsoft Edge.
  2. Select the three-dot menu in the top-right of your browser.
  3. Next, click on Add-ons and Themes and then Extensions.
  4. Screenshot of Microsoft Edge Extensions window
  5. Now, you can click on each installed extension to see more information or disable the tool. You can also select the Remove option twice in the three-dot menu to uninstall each browser extension.

Like with any other browser, be wary of installing new extensions. Or, if you trust Google’s word, switch to another browser entirely. Not too long ago, Google warned against using Edge to run browser extensions as part of a marketing campaign for Chrome.

According to Google, the experience is safer in Chrome, though any browser can be hijacked if you install dangerous extensions.

How to check your browser extensions on Safari

While Apple’s software is generally seen as more impervious to malware than Windows or Android, you can still unknowingly download dangerous Safari extensions.

  1. Open Safari on macOS.
  2. In the top-left of your screen, click on Safari and then Preferences.
  3. If it’s not already open, click on the Extensions tab along the top.
  4. You should be able to see a list of extensions installed on Safari.
  5. Screenshot of Safari Extensions panel
  6. Simply click on an extension, then click Uninstall to remove any you’re unsure about.

How to Protect Yourself Against Dangerous Browser Extensions

While some extensions are dangerous, the right extensions can still be really helpful. As we mentioned earlier, we’re not telling you to avoid all extensions. You just need to know how to use browser extensions safely.

1. Only download browser extensions from trusted websites

Malicious browser extensions occasionally make their way onto official marketplaces. However, they’re still the safest way to download new browser extensions.

Companies like Apple and Google do their best to vet any new submissions from developers. In most cases, you can trust extensions when they’re available from places like the Chrome Web Store, for example.

2. Don’t download too many browser extensions

Installing a large number of extensions could slow down your browser and make internet browsing more sluggish. Besides, by installing every extension you come across, you increase the number of potential threats to your device.

Don’t forget, some legitimate browser extensions could be turned into adware after ownership changes, or if they’re hacked.

3. Uninstall any unused or unrecognized extensions

Check your browser extensions regularly. Uninstall any that you don’t recognize, and be sure to remove extensions that you no longer use.

Check out our guides above for instructions on how to uninstall browser extensions so that you can cleanse Chrome, Firefox, Edge, or Safari.


Final Thoughts

Now, you should have an understanding of how to check your browser for dangerous extensions. It’s a good idea to at least review the permissions that each extension has if you’re going to continue using any of them. Also, remember to:

  • Only use trusted sources to download safe, secure extensions
  • Limit the number of extensions you’re using at any one time
  • Uninstall browser extensions that you don’t recognize or don’t use

If in doubt, it’s better to remove the software from your computer than risk becoming infected by malware or having your personal data stolen.

The Privacy Risks of Browser Extensions: Frequently Asked Questions

Below, you’ll find frequently asked questions relating to the dangers of browser extensions and browser add-ons.

Not all browser add-ons are dangerous, but the risks of malicious browser extensions include:

  • Having your search queries or website requests forcibly redirected to malicious websites
  • Embedded keyloggers recording and stealing your data, like login credentials and financial information
  • Having your browser activity logged and sold to marketing agencies

Some malicious browser extensions could even install malware directly onto your device, opening you up to even more online security risks.

One of the best ways to keep safe when using browser extensions is to ensure you use trusted sources. For example, on a Mac, download your apps from the Mac App Store for Safari. If you’re a Chrome user, turn to the Chrome Web Store.

However, this isn’t a guaranteed way to stay safe, as these official stores have been breached in the past. We recommend limiting the number of extensions you use and uninstalling any that you don’t recognize.

Yes, downloading a malicious browser extension could result in your device being infected with further malware.

In the past, Chrome and Firefox extensions were uncovered which resulted in around 4 million people having their browsing histories logged and published online.

This is why it’s so critical to download browser extensions from trusted sources and regularly review the permissions granted to them.

Cybersecurity journalist
Chris is a tech journalist with many years' experience covering the latest news in online privacy and cybersecurity. He's also a published author and works as a Product Manager for some of the most innovative software development companies.