Browser extension

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A browser extension is a computer program that extends the functionality of a web browser in some way. Depending on the browser and the version, the term may be distinct from similar terms such as plug-in or add-on. Some extensions are authored using web technologies such as HTML, JavaScript, and CSS.[1] Browser extensions can change the user interface of the web browser without directly affecting viewable content of a web page; for example, by adding a "toolbar."


Microsoft Internet Explorer started supporting extensions from version 5 released in 1999.[2] Mozilla Firefox has supported extensions since its launch in 2004. The Opera desktop web browser supported extensions from version 10 released in 2009. Google Chrome started supporting extensions from version 4 released in 2010. The Apple Safari web browser started supporting native extensions from version 5 released in 2010. The syntax for extensions may be quite different from browser to browser, or at least different enough that an extension working on one browser does not work on another. As for search engine tools, an attempt to bypass this problem is the multitag strategy proposed by the project Mycroft, a database of search engine addons working on different browsers.[3]


Many browsers have an online "store" that allow users to find extensions and see lists of popular extensions. For example, Google Chrome,[4] Mozilla Firefox,[5] and Apple Safari.[6] all provide such stores, together with unofficial stores.[7][8]


Browser extensions are used for a number of purposes.


Main article: Browser toolbar

A browser toolbar is a toolbar that resides within a browser's window. All major web browsers provide support to browser toolbar development as a way to extend the browser's GUI and functionality. Browser toolbars are considered to be a particular kind of browser extensions that present a toolbar. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one.


Plug-ins add specific abilities into browsers using application programming interfaces (APIs) allowing third parties to create plug-ins that interact with the browser. The original API was NPAPI, but subsequently Google introduced the PPAPI interface in Chrome.


Browser extensions can help protect your online privacy far beyond the private browsing feature available on most browsers. There are many types of extensions that can be used to control various aspects of your browsing privacy and can mitigate threats. Most of the browser extensions related to privacy fall into three groups: extensions that prevent third parties from tracking your movements, extensions that block ads and scripts, and passive security tools that enforce good habits.[9]


Browser extension development is the actual creation of an extension for a specific browser. Each browser type has its own architecture and APIs to build the extensions which requires different code and skills for each extension. Nowadays there are development frameworks which allows developers to build cross-browser extensions with only one code base and one API, eliminating the need to develop a different extension version for each one of the Browsers. Examples of those frameworks are Add-ons Framework which allows developer to build cross browser extensions for Internet Explorer, Firefox, Chrome, Safari and Opera,[10] and the Crossrider development framework which allows developers to build cross browser extensions for Internet Explorer, Firefox, Chrome and Safari.[11]

Extension Maker [12] is another one interesting tool for cross browser extensions development. Opposite above two, you don't need to write any code. You can develop an extension from preexisting blocks.

Unwanted behavior[edit]

Browser extensions have access to everything done by the browser, and can do things like inject ads into webpages, or make "background" HTTP requests to a third-party server. This power can be abused by browser extensions; while Web pages are constrained by the security model of the Web (in particular, the same-origin policy), extensions are not.

As a result, a browser extension may not behave as described, and take action against the interest of the user that installed it. Such browser extensions are a form of Malware. Some software downloads come with unwanted bundled programs that install browser extensions without a user's knowledge, while making it hard for the user to uninstall the add-on.[13]

In 2012, a security researcher "developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more." [14]

In May 2013, Microsoft reported discovering a browser extension for Chrome and Firefox that "tries to hijack Facebook profiles" in Brazil.[15]

Some Google Chrome extension developers have sold extensions they made to third-party companies who silently push unwanted updates that incorporate previously non-existent adware into the extensions.[16][17] In January 2014, Google removed two extensions from its browser service Chrome due to violations of its own terms of service. The decision to remove the two extensions, "Add to Feedly" and "Tweet This Page", arose when users noticed these extensions created unwanted pop up ads, after the extensions had been sold by their developers to third parties.[18]

Five percent of computer browser visits to Google owned websites are altered by computer programs that inject their own ads into pages.[19][20][21] Researchers have identified 50,870 Google Chrome extensions and 34,407 programs that injected ads. Thirty-eight percent of extensions and 17 percent of programs were catalogued as malicious software, the rest being potentially unwanted adware-type applications.

See also[edit]


  1. ^ "What are extensions?". Retrieved 18 February 2014. 
  2. ^ "Browser Extensions". Retrieved 2010-06-05. 
  3. ^ "Mycroft project". Retrieved 2011-10-27. 
  4. ^ "Chrome Web Store". Retrieved 15 March 2014. 
  5. ^ "Mozilla Firefox Add-ons". Retrieved 15 March 2014. 
  6. ^ "Safari Extensions". Retrieved 15 March 2014. 
  7. ^ Eg: "Safari Add-ons". Retrieved 1 March 2015. 
  8. ^ "Opera Extensions". Retrieved 1 March 2015. 
  9. ^ "LifeHacker". 
  10. ^ "Add-ons Framework". Retrieved 19 December 2013. 
  11. ^ "Crossrider". Retrieved 28 April 2013. 
  12. ^ "Extension Maker". Retrieved 13 October 2013. 
  13. ^ "PUP Criteria". Malwarebytes. Retrieved 13 February 2015. 
  14. ^ "Researcher to demonstrate feature-rich malware that works as a browser extension". Retrieved 15 March 2015. 
  15. ^ "Browser extension hijacks Facebook profiles". Retrieved 15 March 2015. 
  16. ^ "Adware vendors buy Chrome Extensions to send ad- and malware-filled updates". Ars Technica. Retrieved 20 January 2014. 
  17. ^ Bruce Schneier (21 Jan 2014). "Adware Vendors Buy and Abuse Chrome Extensions". 
  18. ^ Winkler, Rolfe. "Google Removes Two Chrome Extensions Amid Ad Uproar". Wall Street Journal. Retrieved 17 March 2014. 
  19. ^ "Ad Injection at Scale: Assessing Deceptive Advertisement Modifications" (PDF). 
  20. ^
  21. ^

External links[edit]