Skip to main content

Extensions In Popular Web Browsers Found To Have Vulnerabilities

By September 12, 2017May 22nd, 2021Cybersecurity

Security researchers in Europe have discovered a pair of flaws that relate to modern web browsers’ extension system. Exploiting these flaws would allow a patient and determined hacker to determine with absolute accuracy of what extensions any given user is making use of.

While not as critical of a flaw as some of the others we’ve seen in recent months, this information could still be used to create highly accurate user profiles. This would allow hackers to create custom-tailored phishing attacks and landing pages that a given subset of users who had a certain set of browser extensions installed would be more likely to click on or investigate, thus falling into the hackers’ trap.

It should be noted that these two flaws appear in all of the popular web browsers in use today, including Firefox, Safari, Chrome, Opera, Microsoft Edge and others, so this is something that impacts the vast bulk of the world’s internet users.

The reason?

All of these browsers use the same extension system, “WebExtensions API,” so the vulnerability is truly global in scope and scale.

Unfortunately, there’s not currently an ETA for a fix for the issue. The researchers approached all of the major browser makers to report the issue, but so far, none of the companies behind those products have responded with a firm plan for fixing the security flaw.

In part, this is because they’re all mired in the constant battle to close critical security loopholes, and this one just doesn’t quite measure up. It is nonetheless disconcerting that literally none of the major browser makers have plans that they’ve shared regarding this particular issue.

Unfortunately, there’s no practical defense against this for the time being. The only way to be sure you’re not being tracked in this manner is to simply stay off the web entirely, which just isn’t going to work for most people.

When the situation changes and at least one company has a plan on the table for fixing the issue, we’ll undoubtedly have more to say on the matter.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.