A Look at Shady Browser Extension Takeovers ⇥ krebsonsecurity.com

Brian Krebs:

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

The risks increase as we work more in web browsers and through web apps. Browser extensions can be nasty software. Yet, despite knowing all of this and covering it for years, I still think of them less seriously than standalone applications. I don’t know about you but, in my mind, browser extensions are just lightweight little scripts that give me a download button on YouTube or block egregious ads — even though I know that is not the case.