Protect: run security checks on extensions

Yandex.Browser uses the Protect integrated security system to guard against various internet threats. As part of these security measures, the browser discovers and blocks malicious extensions and checks to make sure that malicious software didn't get embedded in extensions that you installed earlier.

Restriction. Extensions are only checked on Windows.
  1. Why malicious extensions are dangerous
  2. How the browser ensures that extensions are safe
  3. Block malicious extensions
  4. Disable unverified extensions
  5. Verify that the extension is authentic
  6. The browser disables your extension

Why malicious extensions are dangerous

Extensions are mini-programs that are added to the browser and extend its functionality. Extensions are developed by browser developers as well as third-party programmers.

Hackers are constantly creating more malicious extensions. Before we implemented the Protect system in Yandex.Browser, approximately one third of all customer support requests were caused by this problem.

Malicious extensions:

  • change the interface and browser settings;
  • place additional ads on web pages;
  • replace the usual ads on sites with fake ones;
  • track your actions;
  • publish posts in your name on social media;
  • steal your personal information;
  • mine cryptocurrencies on your computer without your knowledge.

Antiviruses are bad at recognizing malicious extensions because all extensions work within a browser and don't affect your computer's operating system.

How the browser ensures that extensions are safe

In order to ensure that user data is secure, Yandex.Browser:

  • Only allows you to install extensions from verified sources. You can only install extensions from Opera Add-ons or the Chrome Web Store (these stores check their own extensions). The browser disables extensions from other sources, but the user can add them at their own risk.
  • Checks extensions. The browser checks all extensions to ensure they are safe, blocks malicious extensions during the installation process, and sends suspicious ones for further checking. If a suspicious extension turns out to be malicious, the browser will block it the next time you restart your browser. Yandex.Browser uses a machine learning algorithm to identify malicious extensions. Thanks to this algorithm, malicious extensions are blocked within 1-3 days after they appear in the Opera Add-ons and Chrome Web Store catalogs.
  • Verifies that the extension is authentic. Malicious software may replace files from useful extensions. That's why Yandex.Browser periodically compares extensions you installed with their originals in the internet store. If they don't match, the browser suggests that you reinstall the extension or block it.
  • Doesn't allow extensions to be installed without informing the user. The browser restricts installing extensions through a registry key and does not allow installing them through the ExtensionInstallForcelist corporate policy. This policy is often used by developers of malicious extensions because the user can't delete an extension that was installed this way.
  • Blocks extensions' ability to access restricted pages. Users can check and delete their extensions on the browser://tune page, which extensions themselves cannot access. Previously, some malicious extensions prevented users from deleting them by hiding the chrome://extensions restricted page every time the user attempted to open it.

Block malicious extensions

Before you install an extension, Yandex.Browser compares it with the list of malicious extensions saved in its special database. If the extension is in the list, the browser does not allow it to be installed and lets you know what happened:

It is not possible to install this kind of extension individually.

If an extension ends up in the database after the user has installed it, the browser blocks it the next time the browser is launched.

Disable unverified extensions

If you installed an extension from a source other than Opera Add-ons or the Chrome Web Store, Yandex.Browser will disable the extension immediately after you install it and let you know about it the next time you launch your browser. Every time you relaunch your browser, it will check again and disable any extensions from unverified sources.

How to re-enable an extension

Click the Enable link in the dialog box that tells you the extension was disabled. You can also enable the extension on the browser://tune restricted page.

Attention. Only enable an extension if you trust the source completely. The extension could be malicious. The browser blocks malicious extensions, but your data may still be at risk if they haven't been blacklisted yet. Find out more in the Why malicious extensions are dangerous section.

For security reasons, extensions stay enabled only until you close your browser. Every time you relaunch your browser, you will have to enable the extension again. To avoid this, contact the extension developers and ask them to include it in Opera Add-ons or the Chrome Web Store.

Verify that the extension is authentic

Sometimes hackers try to substitute an extension that was installed from an internet store with a malicious one. Yandex.Browser periodically compares extensions you installed with their originals in the internet store (by comparing the hashes of the source files). If the extension doesn't match the original, the browser disables it and warns you.

In that case:

  • If you need the extension, click Reinstall and restore the original version from the internet store.
  • If you don’t need the extension, click Delete.

If you close the window by clicking outside of it, the extension will remain disabled. You can delete or reinstall it on the Extensions page.
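
The hash comparison described in this section can be illustrated with a short script. This is an added example, not Yandex.Browser's own code: it assumes you have an unpacked reference copy of the extension to compare against, and the function names and sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's relative POSIX path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_extension(installed: Path, original: Path) -> dict[str, list[str]]:
    """Report files that differ between the installed copy and the original."""
    have, want = hash_tree(installed), hash_tree(original)
    return {
        "modified": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
        "added": sorted(have.keys() - want.keys()),
        "missing": sorted(want.keys() - have.keys()),
    }


def build_demo(base: Path) -> tuple[Path, Path]:
    """Constructed sample: a clean reference copy and a tampered installed copy."""
    original, installed = base / "original", base / "installed"
    files = {
        "manifest.json": b'{"name": "Demo", "version": "1.0"}',
        "background.js": b"console.log('demo');",
        "icons/16.png": b"\x89PNG-constructed",
    }
    for root in (original, installed):
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
    # Tamper with the installed copy only: one edit, one extra file, one deletion.
    (installed / "background.js").write_bytes(b"console.log('demo'); /* changed */")
    (installed / "inject.js").write_bytes(b"// not present in the original")
    (installed / "icons/16.png").unlink()
    return installed, original


def run_demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        return compare_extension(*build_demo(Path(tmp)))


if __name__ == "__main__":
    print(run_demo())
```

Any non-empty list in the result means the installed copy no longer matches the reference, which is the condition under which the browser disables the extension and offers Reinstall or Delete.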

The browser disables your extension

Tip. If you're developing an extension, use the Yandex.Browser beta version, which does not verify extensions.

If the browser disables an extension that you created, use one of the following methods.

If you didn't add your extension to the Chrome Web Store or Opera Add-ons

Enable it each time you launch the browser or add the extension to the online store and install it on your browser from there.

If you added your extension to the Chrome Web Store or Opera Add-ons

Check the value of the update_url field in the manifest.json file. Correct links to an update source look like this:

Store name          Link for updating extensions
Chrome Web Store    https://clients2.google.com/service/update2/crx
Opera Add-ons       https://extension-updates.opera.com/api/omaha/update/
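
A developer can check the update_url field before shipping with a script like the following. This is an added example, not part of the browser or its documentation: the function names and sample manifests are constructed, and treating only an exact string match as correct is an assumption about how strict the browser's check is.

```python
import json
from urllib.parse import urlsplit

# Update links listed in the table above, keyed by store name.
STORE_UPDATE_URLS = {
    "Chrome Web Store": "https://clients2.google.com/service/update2/crx",
    "Opera Add-ons": "https://extension-updates.opera.com/api/omaha/update/",
}

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "from_chrome_store": '{"name": "A", "update_url": "https://clients2.google.com/service/update2/crx"}',
    "http_scheme": '{"name": "B", "update_url": "http://clients2.google.com/service/update2/crx"}',
    "no_slash": '{"name": "C", "update_url": "https://extension-updates.opera.com/api/omaha/update"}',
    "self_hosted": '{"name": "D", "update_url": "https://updates.example.test/ext.xml"}',
    "unpacked": '{"name": "E"}',
}


def _loose(url: str) -> tuple[str, str]:
    """Host and path without scheme, case or trailing slash, for near-miss hints."""
    parts = urlsplit(url.strip())
    return (parts.hostname or "", parts.path.rstrip("/"))


def check_update_url(manifest_text: str) -> str:
    """Classify the text of a manifest.json by its update_url field."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError:
        return "invalid JSON"
    url = manifest.get("update_url") if isinstance(manifest, dict) else None
    if not isinstance(url, str):
        return "update_url missing"
    for store, expected in STORE_UPDATE_URLS.items():
        if url == expected:
            return f"ok: {store}"
        if _loose(url) == _loose(expected):  # same host and path, small difference
            return f"near miss: expected {expected}"
    return "not a store update link"


def run_samples() -> dict[str, str]:
    return {name: check_update_url(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    print(run_samples())
```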