Control Browser Extensions with PerimeterX

Browser extensions are helper apps that users add from the Chrome store or other browser stores. These extensions provide useful functionality to browsers to manage your passwords or give you a shortcut to your web conferencing software and many other useful tools. Many extensions improve user productivity, which is why they are so popular. But, frequently hidden among the beneficial options, there exist malicious extensions that can do great harm such as accessing everything you type on every website. Malicious extensions, sometimes referred to as plugins, can pose serious threats to both privacy and security. There are thousands of extensions available for every popular browser. Price comparison and coupon extensions are some of the most downloaded, with millions of downloads and active users.

Browser extensions have security and privacy risks as shown by attacks that leverage them to harvest usernames, passwords and credit card data. Often installed as part of free anti-malware software, up to 20% of your website users could be infected by unwanted extensions, ad injections or browser malware. Some extensions such as price comparisons and coupons don’t pose a security threat to e-commerce and travel websites. They actually pose a bigger threat: altering the user's path to purchase on your site and redirecting the user to a competing site. These extensions can also facilitate affiliate referral fraud, redirecting a user back to your site with an affiliate code, that costs you money without adding value.

Many coupon extensions are advertised and promoted by reputable sites to online users. For example, a leading financial firm strongly recommends that its cardholders install wikibuy coupon extensions to get the best deal. Millions of dollars are spent by web marketing teams to optimize user navigation on a site, and to increase user engagement and ultimately conversions. The end result of price comparison and coupon extensions is often cart abandonment as a user leaves your site to pursue a better deal elsewhere.

Many Chief Marketing Officers and Chief Digital Officers are often unaware of the problems created by these extensions. They may receive poor advice that browser extensions are an end-user problem and there is nothing they can do. Some security teams will tell you that content security policies (CSP) may work to fight malicious extensions, but CSPs are easily bypassed by extensions.

Users are going to use extensions - no matter their benefit or threat. You as the website owner should be aware of the pitfalls and damage that they cause to the user experience and use all the tools available to minimize their potential harm.