- The browser extensions can be silent threats, silently harvesting your data without obvious signs
- Extensionpedia could become the essential source for the verification of additional browser modules before installation
- Pouchex exposes a serious security gap that even the main application stores regularly neglect
Navigator extensions often facilitate navigation by blocking advertisements, update passwords or the supply of productivity tools, but they also pose one of the most neglected security risks of today’s digital ecosystem.
To remedy this, the Cybersecurity Company Layerx launched ExtensionA kind of “Wikipedia for extensions”, aimed at providing in -depth risk assessments for more than 200,000 browser extensions through Chrome, Firefox and EDGE.
Internet users generally rely on application stores to check these extensions and ensure that they are safe. However, Layerx claims that these stores “do only a surface work to verify extensions”. Although they assess malicious software and obvious red flags, they do not start on behavioral models or the ownership line in the extension code.
“When someone installs a browser extension – either for personal use or work – users and their organizations have no idea of the authorizations of the extension, the renowned of the author, nor the overall risk profile of the extension,” said or ESHED, co -founder and CEO of Layerx.
This has created an escape through which malicious actors have repeatedly introduced spyware, advertising software and data harvesting tools.
In recent months, identity theft based on browser and data exfiltration via extensions have become so widespread that they have caused official agency warnings such as the FBI.
“Although browser extensions are often considered harmless, in practice, they frequently benefit from in -depth access authorizations to user identity information and data,” notes Layerx, “head hackers to use it as an attack channel for identification flight, account takeover and data theft”.
Layerx claims that its service draws anonymous data from millions of browser sessions via its database, which includes unified risk scores, granular authorization failures and detailed reputation analyzes, all in a tool available and accessible to the public.
While antivirus and terminal protection platforms can help protect against malicious extensions, the availability of a dedicated risk score could allow users to make more enlightened decisions.
However, users must actively search for the Extension Pedia database and understand the importance of authorization expanses or editor’s risk scores.
The concept is promising, but skepticism remains on the question of whether users will really understand the scores or will simply reject them as a technical jargon. In addition, the effectiveness of such a database to approach the wider landscape of cybersecurity threats remains to be seen.
The concept also assumes that users are looking for extensions before installing them, which rarely occurs in practice.
By making the risk scores for public extension, the Plainx undeniably increases transparency, but visibility alone does not equivalent to protection.
Extensionpedia is currently available for free, but its real impact will depend on how it is largely and thoughtful.
