Internet Explorer started supporting extensions from version 5 released in 1999. Firefox has supported extensions since its launch in 2004. The Opera desktop web browser supported extensions from version 10 released in 2009. Google Chrome started supporting extensions from version 4 released in 2010. Safari started supporting native extensions from version 5 released in 2010. Microsoft Edge started supporting limited extensions in March 2016.
The syntax for extensions may be quite different from browser to browser, or at least different enough that an extension working on one browser does not work on another. As for search engine tools, an attempt to bypass this problem is the multi-tag strategy proposed by the project Mycroft, a database of search engine add-ons working on different browsers.
Browser extensions are used for improving a browser's user interface, security or accessibility, blocking advertisements, and various other features to make browsing the internet easier and more pleasant. There are many types of extensions that can be used to control various aspects of browsing privacy and mitigate threats. For instance, they may prevent third parties from tracking the user's movements, block ads and scripts, or enforce good habits.
A browser toolbar is a common type of browser extensions that alters the user interface. It is a toolbar that resides within a browser's window. All major web browsers provide support for browser toolbars as a way to extend the browser's UI and functionality. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one.
Browser extensions have access to everything done by the browser, and can do things like inject ads into web pages, or make "background" HTTP requests to third-party servers. While web pages are constrained by the security model of the web browser (in particular, the same-origin policy), extensions are not. As a result, a malicious browser extension may take action against the interest of the user that installed it. Such browser extensions are a form of malware. Some software downloads come with unwanted bundled programs that install browser extensions without a user's knowledge, while making it hard for the user to uninstall the extension.
In 2012, a security researcher "developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more." In May 2013, Microsoft reported discovering a browser extension for Chrome and Firefox that "tries to hijack Facebook profiles" in Brazil.
Some Google Chrome extension developers have sold extensions they made to third-party companies who silently push unwanted updates that incorporate previously non-existent adware into the extensions. In January 2014, Google removed two extensions from its store due to violations of its own terms of service. The decision to remove the two extensions, "Add to Feedly" and "Tweet This Page", arose when users noticed these extensions created unwanted pop up ads, after the extensions had been sold by their developers to third parties.
Five percent of computer browser visits to Google-owned websites are altered by computer programs that inject their own ads into pages. Researchers have identified 50,870 Google Chrome extensions and 34,407 programs that injected ads. Thirty-eight percent of extensions and 17 percent of programs were catalogued as malicious software, the rest being potentially unwanted adware.
- "What are extensions?". Retrieved 18 February 2014.
- "Browser Extensions". Retrieved 2010-06-05.
- Bright, Peter (18 March 2016). "Edge browser now has extensions in the latest Windows 10 preview". Ars Technica. Condé Nast.
- Foley, Mary Jo (17 March 2016). "Microsoft releases first Edge extensions preview in newest Windows 10 test build". ZDNet. CBS Interactive.
- "Mycroft project". Retrieved 2011-10-27.
- "Extensions". Chrome Web Store. Google. Retrieved 15 March 2017.
- "Add-ons for Firefox". addons.mozilla.org. Mozilla Foundation. Retrieved 15 March 2017.
- "Extensions". Opera Add-ons. Opera Software. Retrieved 15 March 2017.
- "Safari Extensions". apple.com. Apple. Retrieved 15 March 2017.
- Henry, Alan (31 August 2015). "The Best Browser Extensions that Protect Your Privacy". LifeHacker. Gizmodo Media Group.
- "WebExtensions". developer.mozilla.org. Mozilla Foundation. Retrieved 15 March 2017.
- "PUP Criteria". Malwarebytes. Retrieved 13 February 2015.
- "Researcher to demonstrate feature-rich malware that works as a browser extension". Retrieved 15 March 2015.
- "Browser extension hijacks Facebook profiles". Retrieved 15 March 2015.
- "Adware vendors buy Chrome Extensions to send ad- and malware-filled updates". Ars Technica. Retrieved 20 January 2014.
- Bruce Schneier (21 Jan 2014). "Adware Vendors Buy and Abuse Chrome Extensions".
- Winkler, Rolfe. "Google Removes Two Chrome Extensions Amid Ad Uproar". blogs.wsj.com. Wall Street Journal. Retrieved 17 March 2014.
- "Ad Injection at Scale: Assessing Deceptive Advertisement Modifications" (PDF). Archived from the original (PDF) on 2015-06-05.
- "Superfish injects ads into 5 percent of all Google page views". PC World. IDG.
- "Superfish injects ads in one in 25 Google page views". CIO. IDG.