Protect: run security checks on extensions.
Yandex.Browser uses a complex security system called Protect that protects you from various internet-based threats. This system checks your browser extensions to ensure that they are safe and authentic, tells you when you have a malicious extension, and blocks it.
Why malicious extensions are dangerous
Extensions are mini-programs built into the browser and extend its functionality. Extensions are developed by browser developers as well as third-party programmers.
The number of malicious extensions developed by hackers has increased in recent years. Before the Protect system was implemented in Yandex.Browser, 30% of all support requests were about malicious extensions.
- change the interface and browser settings;
- place additional ads on web pages;
- replace the usual ads on sites with fake ones;
- track your actions;
- publish posts in your name on social media;
- steal your personal information.
- mine crypto currencies without your approval.
Antiviruses are not very good at recognizing malicious extensions. This is because all extensions operate within a browser and do not affect the computer’s operating system.
Yandex.Browser limits your ability to install extensions using a registry key and forbids you from using a corporate policy. Corporate policies were popular among developers of malicious extensions because they don't allow users to delete the extensions.
In some cases, malicious extensions don't allow you to open the chrome://extensions page, closing it immediately. This is the page that we recommend using to check your extensions list and delete any suspicious ones. That is why the browser://tune page is isolated from the extensions in Yandex.Browser.
All extensions are checked semi-automatically. As soon as users start installing a new extension in Yandex.Browser, the machine learning algorithms check that they are safe. Extensions that are clearly malicious are blocked immediately and suspicious ones are checked manually.
Disable unverified extensions
Extensions from Opera Add-ons or the Chrome Web Store are considered to be verified. These stores block malicious extensions. If you install an extension from another source, Yandex.Browser disables it right after it's installed and let's you know.
- How to re-enable an extension
Click the Enable link in the dialog box that informs you about the extension being disabled. You can also enable the extension in your settings.Attention. Only enable an extension if you trust the source completely. The extension could be malicious. Find out more in the Why malicious extensions are dangerous section.
For security reasons, the extension will be enabled before the browser relaunches. If you don’t want to enable an extension every time you launch your browser, contact the extension developers and ask them to include it in the Opera Add-ons store or Chrome Web Store.
Verify that the extension is authentic
Sometimes hackers try to substitute an extension that was installed from an internet store with a malicious one. Yandex.Browser periodically compares extensions you installed with their originals in the internet store. If an extension does not match the original, or the original has been removed from the store, the browser will disable the extension and warn you about it.
Decide what to do with the extension:
- If you need the extension, click Reinstall and restore the original version.
- If you don’t need the extension, click Delete.
If you close the window by clicking outside of it, the extension will remain disabled. You can delete or reinstall it on the Extensions page.
Information for developers
The browser disables your extension
- If you didn't add your extension to the Chrome Web Store or Opera Add-ons
Enable it each time you launch the browser or add the extension to the online store and install it on your browser from there.
- If you added your extension to the Chrome Web Store or Opera Add-ons
Check the value of the update_url field in the manifest.json file. Correct links to an update source look like this:
Store name Link for updating extensions Chrome Web Store https://clients2.google.com/service/update2/crx Opera Add-ons https://extension-updates.opera.com/api/omaha/update/ Store name Link for updating extensions Chrome Web Store https://clients2.google.com/service/update2/crx Opera Add-ons https://extension-updates.opera.com/api/omaha/update/
Your extension didn’t pass verification
Make sure that the user’s version of the extension matches the version specified in the version field of the manifest.json file.