Browser extension

A browser extension is a plug-in that extends the functionality of a web browser. Some extensions are authored using web technologies such as HTML, JavaScript, and CSS.[1] Others are developed using machine code and application programming interfaces (APIs) provided by web browsers, such as NPAPI and PPAPI. Browser extensions can change the user interface of the web browser without directly affecting viewable content of a web page; for example, by adding a browser toolbar.


Internet Explorer started supporting extensions from version 5 released in 1999.[2] Firefox has supported extensions since its launch in 2004. The Opera desktop web browser supported extensions from version 10 released in 2009. Google Chrome started supporting extensions from version 4 released in 2010. Safari started supporting native extensions from version 5 released in 2010. Microsoft Edge started supporting limited extensions in March 2016.[3][4]

The syntax for extensions may be quite different from browser to browser, or at least different enough that an extension working on one browser does not work on another. As for search engine tools, an attempt to bypass this problem is the multi-tag strategy proposed by the project Mycroft, a database of search engine add-ons working on different browsers.[5]


Many browsers have an online store that allows users to find extensions and see lists of popular extensions. Google Chrome,[6] Firefox,[7] Opera[8] and Safari[9] all provide such stores.


Browser extensions are used for improving a browser's user interface, security or accessibility, blocking advertisements, and various other features to make browsing the internet easier and more pleasant. There are many types of extensions that can be used to control various aspects of browsing privacy and mitigate threats. For instance, they may prevent third parties from tracking the user's movements, block ads and scripts, or enforce good habits.[10]

A browser toolbar is a common type of browser extensions that alters the user interface. It is a toolbar that resides within a browser's window. All major web browsers provide support for browser toolbars as a way to extend the browser's UI and functionality. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one.


Browser extension development is the actual creation of an extension for a specific browser. Each browser type has its own architecture and application programming interfaces (APIs) to build the extensions, which requires different code and skills for each extension. The original API was NPAPI. It was first developed for Netscape browsers, starting in 1995 with Netscape Navigator 2.0, but was subsequently adopted by other browsers. Microsoft did not adopt this API for Internet Explorer and instead chose ActiveX for contents-altering plugins. The browser-altering plugins, called Browser Helper Objects, were designed based on a Component Object Model (COM) interface. Google later introduced the PPAPI interface in Chrome, even though its mainstream Google Chrome extensions are built using web technologies such as HTML5, JavaScript and CSS.[1] Firefox has supported or supports many technologies for developing what it calls "Mozilla add-ons", including NPAPI, XUL, XPI, XPCOM, XPConnect and JetPack, as well as web technologies such as HTML5, JavaScript and CSS. Its WebExtensions API is compatible with the extensions APIs of Google Chrome and Microsoft Edge.[11]

Unwanted behavior

Browser extensions have access to everything done by the browser, and can do things like inject ads into web pages, or make "background" HTTP requests to third-party servers. While web pages are constrained by the security model of the web browser (in particular, the same-origin policy), extensions are not. As a result, a malicious browser extension may take action against the interest of the user that installed it. Such browser extensions are a form of malware. Some software downloads come with unwanted bundled programs that install browser extensions without a user's knowledge, while making it hard for the user to uninstall the extension.[12]

In 2012, a security researcher "developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more." [13] In May 2013, Microsoft reported discovering a browser extension for Chrome and Firefox that "tries to hijack Facebook profiles" in Brazil.[14]

Some Google Chrome extension developers have sold extensions they made to third-party companies who silently push unwanted updates that incorporate previously non-existent adware into the extensions.[15][16] In January 2014, Google removed two extensions from its store due to violations of its own terms of service. The decision to remove the two extensions, "Add to Feedly" and "Tweet This Page", arose when users noticed these extensions created unwanted pop up ads, after the extensions had been sold by their developers to third parties.[17]

Five percent of computer browser visits to Google-owned websites are altered by computer programs that inject their own ads into pages.[18][19][20] Researchers have identified 50,870 Google Chrome extensions and 34,407 programs that injected ads. Thirty-eight percent of extensions and 17 percent of programs were catalogued as malicious software, the rest being potentially unwanted adware.

See also


  1. 1 2 "What are extensions?". Retrieved 18 February 2014.
  2. "Browser Extensions". Retrieved 2010-06-05.
  3. Bright, Peter (18 March 2016). "Edge browser now has extensions in the latest Windows 10 preview". Ars Technica. Condé Nast.
  4. Foley, Mary Jo (17 March 2016). "Microsoft releases first Edge extensions preview in newest Windows 10 test build". ZDNet. CBS Interactive.
  5. "Mycroft project". Retrieved 2011-10-27.
  6. "Extensions". Chrome Web Store. Google. Retrieved 15 March 2017.
  7. "Add-ons for Firefox". Mozilla Foundation. Retrieved 15 March 2017.
  8. "Extensions". Opera Add-ons. Opera Software. Retrieved 15 March 2017.
  9. "Safari Extensions". Apple. Retrieved 15 March 2017.
  10. Henry, Alan (31 August 2015). "The Best Browser Extensions that Protect Your Privacy". LifeHacker. Gizmodo Media Group.
  11. "WebExtensions". Mozilla Foundation. Retrieved 15 March 2017.
  12. "PUP Criteria". Malwarebytes. Retrieved 13 February 2015.
  13. "Researcher to demonstrate feature-rich malware that works as a browser extension". Retrieved 15 March 2015.
  14. "Browser extension hijacks Facebook profiles". Retrieved 15 March 2015.
  15. "Adware vendors buy Chrome Extensions to send ad- and malware-filled updates". Ars Technica. Retrieved 20 January 2014.
  16. Bruce Schneier (21 Jan 2014). "Adware Vendors Buy and Abuse Chrome Extensions".
  17. Winkler, Rolfe. "Google Removes Two Chrome Extensions Amid Ad Uproar". Wall Street Journal. Retrieved 17 March 2014.
  18. "Ad Injection at Scale: Assessing Deceptive Advertisement Modifications" (PDF). Archived from the original (PDF) on 2015-06-05.
  19. "Superfish injects ads into 5 percent of all Google page views". PC World. IDG.
  20. "Superfish injects ads in one in 25 Google page views". CIO. IDG.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.