Protect: extensions security

Alert

SaveFrom.net, Frigate, and a number of other extensions are disabled because they may behave in dangerous and fraudulent ways. To learn more, see the Yandex Browser blog and Habr.

Yandex Browser uses the Protect integrated security system to protect you from various online threats. The system checks your Yandex Browser extensions to make sure they are safe and authentic, tells you when you have a malicious extension, and blocks it.

Note

Extensions are only checked on Windows.

Why malicious extensions are dangerous

Extensions are mini-programs that add new features to the browser. Extensions are built by browser developers as well as third-party programmers.

More and more malicious extensions are created by hackers. Before the Protect system was integrated with Yandex Browser, this problem caused about a third of all support requests.

Malicious extensions:

  • Change the interface and browser settings.
  • Place additional ads on websites.
  • Replace the usual ads on sites with fraudulent ones.
  • Track your actions.
  • Publish social media posts in your name.
  • Steal your personal data.
  • Mine crypto currency on your computer without your knowledge.

Antivirus software is not very good at recognizing malicious extensions because all extensions run within the browser and do not affect the computer's operating system.

How does Yandex Browser protect extensions?

To secure user data, Yandex Browser:

  • Allows you to install extensions only from trusted sources: Opera Add-ons or Chrome Web Store These web stores check their extensions. The browser disables extensions from other sources, but the user can enable them at their own risk.

  • Checks all extensions for security, blocks malicious extensions during installation, and sends suspicious extensions for further review. If a suspicious extension turns out to be malicious, it is blocked the next time Yandex Browser is restarted. Yandex Browser uses machine learning algorithms to detect malicious extensions. These algorithms are able to block malicious extensions within 1-3 days after they appear in theOpera Add-ons or Chrome Web Store catalogs.

  • Verifies the authenticity of extensions. Malware can replace the files of useful extensions. Yandex Browser periodically compares extensions you installed with their originals in the online store. If they don't match, Yandex Browser suggests reinstalling the extension or blocks it.

  • Restricts access to site data for extensions. Users can restrict the list of sites on which an extension is allowed to read and change data.

  • Doesn't allow extensions to be installed without the user's permission. Yandex Browser limits extension installation via a registry key and forbids using ExtensionInstallForcelist, a corporate policy to install extensions. Developers of malicious extensions often use this policy, because the user cannot remove an extension installed through it.

  • Blocks extension access to the service page. The user checks and deletes extensions on the browser://tune page that no extension may access. Previously, certain malicious extensions prevented users from deleting them by closing the chrome://extensions service page every time a user tried to open it.

Blocking malicious extensions

Before installing an extension, Yandex Browser checks it against a list of malicious extensions stored in a separate database. If the extension is on the list, Yandex Browser blocks its installation and notifies you of this:

You won't be able to install this extension yourself.

If an extension gets into the database after the user has installed it, Yandex Browser blocks it the next time it is launched.

Restricting access to data

Many extensions use the data you enter on sites.

While installing, an extension informs you what data it will get access to:

For security reasons, you can control the extension's access to site data:

  1. Click the extension icon to the right of the SmartBox. If there is no icon, enable it.

  2. Run the menu command:

    • When clicking on extension. The extension will be enabled on the site after clicking the icon. It will have no access to data on other tabs and in other Yandex Browser windows. When closing the current tab, the extension will be disabled. To enable it again, you will have to click the icon.
    • :on. The extension will get access to the current site data. To edit the list of sites that the extension has access, go to browser://extensions.
    • On all websites. The extension will get access to data on all sites.

Disabling unverified extensions

If you install an extension from any other source except Opera Add-ons or Chrome Web Store, Yandex Browser disables the extension immediately after it is installed and notifies you when you restart the browser. During each launch, Yandex Browser repeats the scan, disabling extensions from unverified sources.

How to re-enable an extension

Click the Enable link in the disable dialog box. You can also enable an extension on the browser://tune service page.

Alert

Only enable an extension if you trust the source completely. It may be malicious. The browser blocks malicious extensions, but if an extension has not yet been blacklisted, your data may be subject to risk. To learn more, see Why malicious extensions are dangerous.

For security reasons, the extension will be enabled until you close Yandex Browser. Each time you restart Yandex Browser, you will have to turn on the extension again. To avoid this, contact the extension developers and ask them to publish it in Opera Add-ons or Chrome Web Store.

Learn more

Verify that the extension is authentic

Sometimes hackers try to substitute an extension that was installed from an internet store with a malicious one. Yandex Browser periodically checks the extensions you installed against their originals in the online store (source file hashes are compared). If an extension does not match the original, Yandex Browser disables the extension and notifies you of it.

In that case:

  • If you need the extension, click Reinstall and restore the original version from the online store.
  • If you don’t need the extension, click Delete.

If you close the window by clicking outside of it, the extension remains disabled.You can delete or reinstall it on the Extensions page.

The browser disables your extension

Tip

During development, use the beta version of Yandex Browser, which doesn't check extensions.

If Yandex Browser disables an extension that you have created, use one of the following methods.

If you didn't add your extension to the Chrome Web Store or Opera Add-ons

Enable it each time you launch Yandex Browser, or add the extension to the online store and install it to Yandex Browser from there.

If you added your extension to the Chrome Web Store or Opera Add-ons

Check the value of the update_url field in the manifest.json file. Correct links to an update source look like this:

Store name

Link for updating extensions

Chrome Web Store

https://clients2.google.com/service/update2/crx/

Opera Add-ons

https://extension-updates.opera.com/api/omaha/update/

<,span,class="button",>Contact support