Plug-Ins Create New Browser Security Holes

Plug-Ins Create New Browser Security Holes

Web browsers have grown increasingly secure, but the most frequent flaw in browser security has become browser plug-ins. These are not the extensions installed on the browser (though they can pose risks, too), but they are plug-ins that web pages use to increase functionality.

Some of the examples include Adobe Reader, Adobe Flash and Oracle's Java.

A memorable example is what came to be known as the Flashback Trojan. This malware masqueraded first as an installer for Adobe Flash, used for streaming video. (Apple no longer uses it). The Flashback Trojan, infected almost 600,000 Macs with viruses. It evolved to target the Java plug-in, used within millions of web pages. It exploited a bug in Java and gained entry to their systems.

When you have Java installed, this can increase your risk for attack, so some browser security experts advise users to disable any plug-ins that they do not use. You can always turn them on, easily, when you do need them to reduce browser hacking on a small or large scale.

One of the advantages that hackers have when they compromise a plug-in is that they can attack numerous platforms. For example, if you find a security flaw with Flash, you can compromise almost every Internet browser from Microsoft Edge to Safari to Firefox to Google Chrome. For the millions who still use, it, Internet Explorer is extremely vulnerable as well, in part because it is no longer supported.

In terms of automatic updates, an Internet browser virus is less likely to come directly through Google Chrome, Mozilla Firefox and Microsoft Edge because they update automatically. In contrast, many plug-ins like Oracle Java can take as long as one month before the plug-in will check for an update.

In addition, instead of automatically updating, you see a pop up, and many inexperienced users will ignore it. Doing so leaves you at greater risk for browser hacking. By default, Chrome automatically blocks Java because of these flaws in security, and they instruct their users that you only run the plug-ins on software that you trust.

Lowering the risk of being hacked comes down to uninstalling the plug-ins that you do not plan to use.

You can see the different plug-ins that you have installed on your browser by visiting the plug-in manager of your browser. For Chrome, all you have to do is type "chrome://plug-ins," into your address bar, and this opens your add-ons window.

If you have Firefox, click the Tools menu, click “Add-Ons” and then select “plugins.” If you have Internet Explorer, hit the Manage Add-ons button in your tools tab. Explorer still calls them add-ons, and there is no plug-ins folder for it.. Uninstalling a plug-in in Explorer will mean that you go to the Task Manager instead.

For better browser security, you have to address plug-ins because they have become the biggest target. Plug-ins differ from add-ons and extensions, and sometimes a plug-in will be something that a website requires.

One of the ways that you can alleviate the problem with Flash is to enable click-to-play. This ensures that not every instance of sketchy media will be played on your system, which can be used to hack you.

While plug-ins allow us to view videos and learn new things, it’s important to keep some basic safety tips in mind. Don’t add suspicious plug-ins. Those often come up in pop-ups as you surf the web. When that happens, take the time to look it up online on reliable security websites and see if it’s been reported as a scam or reach out to an expert.

That will help to avoid letting them become a threat to browser security. If you use the "Firefox Plug-in Check" page, you can find out if you have old vulnerable plug-ins on your computer. Do not let the name fool you. You can use this tool on any browser, and it will let you know what to update and what plug-ins to get rid of.

Calling us is one of the best ways to discover what’s going on. If you notice everything slowing down as you try to use even the most simple functions, first try restarting your computer. And if that doesn’t help improve the situation, give us a call. Secure Data Recovery Services can usually remote repair these issues pretty easily. Keep our phone number handy in case of emergency, 1-800-388-1266.

Article by

Laura Bednar is a content writer for Secure Data. She writes blogs about trends in technology and budding privacy laws in the digital age. She also creates content for web pages and marketing materials for company products.

Need Our Professional Services?

Related Articles