Protect: extensions security
Yandex Browser uses the Protect integrated security system to protect you from various online threats. The system checks your Yandex Browser extensions to make sure they are safe and authentic, tells you when you have a malicious extension, and blocks it.
Why malicious extensions are dangerous
Extensions are mini-programs that add new features to the browser. Extensions are developed by browser developers as well as third-party programmers.
More and more malicious extensions are created by hackers. Before the Protect system was integrated with Yandex Browser, this problem caused about a third of all support requests.
Malicious extensions can:
- Change the interface and browser settings.
- Place additional ads on web pages.
- Replace the usual ads on sites with fake ones.
- Track your actions.
- Publish posts in your name on social media.
- Steal your personal data.
- Mine crypto currency on your computer without your knowledge.
Antivirus software is not very good at recognizing malicious extensions because all extensions run within the browser and do not affect the computer's operating system.
How does Yandex Browser protect extensions?
To secure user data, Yandex Browser:
- Checks all extensions for security, blocks malicious extensions during installation, and sends suspicious extensions for further review. If a suspicious extension turns out to be malicious, it is blocked the next time Yandex Browser is restarted. Yandex Browser uses machine learning algorithms to detect malicious extensions. These algorithms are able to block malicious extensions within 1-3 days after they appear in the Opera Add-ons or Chrome Web Store catalogs.
- Verifies the authenticity of extensions. Malware can replace the files of useful extensions. Yandex Browser periodically compares extensions you installed with their originals in the online store. If they don't match, Yandex Browser suggests reinstalling the extension or blocks it.
- Restricts access to site data for extensions. Users can restrict the list of sites on which an extension is allowed to read and change data.
- Doesn't allow extensions to be installed without the user's permission. The browser restricts installation of extensions via a registry key and forbids using ExtensionInstallForcelist, a corporate policy to install extensions. Developers of malicious extensions often use this policy, because the user cannot remove an extension that was installed through it.
- Blocks extension access to the service page. The user checks and deletes extensions on the browser://tune page, which no extension has access to. Previously, certain malicious extensions prevented users from deleting them by closing the chrome://extensions service page every time a user tried to open it.
Blocking malicious extensions
Before installing an extension, Yandex Browser checks it against a list of malicious extensions stored in a separate database. If the extension is on the list, Yandex Browser blocks its installation and notifies you of this:
You won't be able to install this extension yourself.
If an extension gets into the database after the user has installed it, Yandex Browser blocks it the next time it is launched.
Restricting access to data
Many extensions use the data you enter on sites. For example, Yandex Collections registers the images that you view to recommend you similar ones.
While installing, an extension informs you what data it will get access to:
For security reasons, you can control the extension's access to site data:
- Run the menu command:
- When clicking on extension. The extension will be enabled on the site after clicking the icon. It will have no access to data on other tabs and in other Yandex Browser windows. When closing the current tab, the extension will be disabled. To enable it again, you will have to click the icon.
- <the current site>:on. The extension will get access to the current site data. To edit the list of sites that the extension can access, go to browser://extensions.
- On all sites. The extension will get access to data on all sites.
Disabling unverified extensions
If you install an extension from any other source except Opera Add-ons or Chrome Web Store, Yandex Browser disables the extension immediately after it is installed and notifies you when you restart the browser. During each launch, Yandex Browser repeats the scan, disabling extensions from unverified sources.
- How to re-enable an extension
Click the Enable link in the disable dialog box. You can also enable an extension on the browser://tune page.Attention. Only enable an extension if you trust the source completely. It may be malicious. The browser blocks malicious extensions, but if an extension has not yet been “blacklisted”, your data may be subject to risk. To learn more, see Why malicious extensions are dangerous.
For security reasons, the extension will be enabled until you close Yandex Browser. Each time you restart Yandex Browser, you will have to turn on the extension again. To avoid this, contact the extension developers and ask them to publish it in Opera Add-ons or Chrome Web Store.
Verify that the extension is authentic
Sometimes hackers try to substitute an extension that was installed from an online store with a malicious one. Yandex Browser periodically checks the extensions you installed against their originals in the online store (source file hashes are compared). If an extension does not match the original, Yandex Browser disables the extension and notifies you of it.
In that case:
- If you need the extension, click Reinstall and restore the original version from the online store.
- If you don’t need the extension, click Delete.
If you close the window by clicking outside of it, the extension remains disabled. You can delete or reinstall it on the Add-ons page.
The browser disables your extension
If Yandex Browser disables an extension that you have created, use one of the following methods.
- If you didn't add your extension to the Chrome Web Store or Opera Add-ons
Enable it each time you launch Yandex Browser, or add the extension to the online store and install it to Yandex Browser from there.
- If you added your extension to the Chrome Web Store or Opera Add-ons
Check the value of the update_url field in the manifest.json file. Correct links to an update source look like this:
Store name Link for updating extensions Chrome Web Store https://clients2.google.com/service/update2/crx Opera Add-ons https://extension-updates.opera.com/api/omaha/update/ Store name Link for updating extensions Chrome Web Store https://clients2.google.com/service/update2/crx Opera Add-ons https://extension-updates.opera.com/api/omaha/update/