Protect: run security checks on extensions.
Yandex Browser uses a comprehensive security system called Protect, safeguarding you from various online threats. This system checks your browser extensions to ensure that they are safe and authentic, tells you when you have a malicious extension, and blocks it.
Why malicious extensions are dangerous
Extensions are mini-programs that add new features to the browser. Extensions are developed by browser developers as well as third-party programmers.
More and more malicious extensions are created by hackers. Before Protect was built into Yandex Browser, this problem caused about a third of all support requests.
Malicious extensions can:
- Change the interface and browser settings.
- Place additional ads on web pages.
- Replace the usual ads on sites with fake ones.
- Track your actions.
- Publish posts in your name on social media.
- Steal your personal data.
- Mine cryptocurrency on your computer without your knowledge.
Antivirus software is not very good at recognizing malicious extensions because all extensions run within the browser and do not affect the computer's operating system.
How does the browser protect extensions?
To secure user data, Yandex Browser:
- Checks the extension security. The browser checks all extensions for security, blocks malicious extensions during installation, and sends suspicious extensions for further checking. If a suspicious extension turns out to be malicious, it is blocked the next time the browser is restarted. Yandex Browser uses machine learning algorithms to detect malicious extensions. These algorithms are able to block malicious extensions within 1-3 days after they appear in Opera Add-ons or Chrome Web Store.
- Verifies the authenticity of extensions. Malware can replace the files of useful extensions. Yandex Browser periodically compares extensions you installed with their originals in the online store. If they do not match, the browser suggests reinstalling the extension or blocks it.
- Doesn't allow extensions to be installed without the user's permission. The browser restricts installation of extensions via a registry key and forbids using ExtensionInstallForcelist, a corporate policy to install extensions. Developers of malicious extensions often use this policy, because the user cannot remove an extension that was installed through it.
- Blocks extension access to the service page. The user checks and deletes extensions on the browser://tune page, which no extension has access to. Previously, certain malicious extensions prevented users from deleting them by closing the chrome://extensions service page every time a user tried to open it.
Blocking malicious extensions
Before installing an extension, Yandex Browser checks it against a list of malicious extensions stored in a dedicated database. If the extension is in the list, the browser blocks its installation and notifies you of this:
You won't be able to install this extension yourself.
If an extension gets into the database after the user has installed it, the browser blocks it the next time it is launched.
Disabling unverified extensions
If you install an extension from a source other than Opera Add-ons or Chrome Web Store, Yandex Browser disables the extension immediately after installation and notifies you when you restart the browser. During each launch the browser repeats the scan, disabling extensions from unverified sources.
- How to re-enable an extension
Click the Enable link in the disable window. You can also enable an extension on the browser://tune page.

Attention. Only enable an extension if you trust the source completely. The extension could be malicious. The browser blocks malicious extensions, but if an extension has not yet been “blacklisted”, your data may be at risk. To learn more, see Why malicious extensions are dangerous.
For security reasons, the extension will be enabled only until you close the browser. Each time you restart the browser, you will have to re-enable the extension. To avoid this, contact the extension developers and ask them to publish it in Opera Add-ons or Chrome Web Store.
Verify that the extension is authentic
Sometimes hackers try to substitute an extension that was installed from an online store with a malicious one. Yandex Browser periodically compares the extensions you installed with their originals in the online store (source file hashes are compared). If an extension does not match the original, the browser disables the extension and warns you about it.
In that case:
- If you need the extension, click Reinstall and restore the original version from the store.
- If you don’t need the extension, click Delete.
If you close the window by clicking outside of it, the extension will remain disabled. You can delete or reinstall it on the Extensions page.
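The comparison described in this section can be illustrated with the following added example, which is not Yandex Browser's own code: it hashes every file of an installed extension with SHA-256 and diffs the result against digests taken from a reference copy. The function names, the directory layout and the sample files are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's relative POSIX path to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_to_reference(installed_root, reference):
    """Diff an installed extension against reference digests of the store copy."""
    installed = hash_tree(installed_root)
    report = {
        "modified": sorted(p for p in installed
                           if p in reference and installed[p] != reference[p]),
        "added": sorted(p for p in installed if p not in reference),
        "missing": sorted(p for p in reference if p not in installed),
    }
    report["authentic"] = not any(report[k] for k in ("modified", "added", "missing"))
    return report


def demo():
    """Constructed sample: a store copy and an installed copy with swapped files."""
    with tempfile.TemporaryDirectory() as tmp:
        store, installed = Path(tmp, "store"), Path(tmp, "installed")
        for d in (store, installed):
            d.mkdir()
            (d / "manifest.json").write_text('{"name": "sample"}')
            (d / "background.js").write_text("console.log('original');")
        # Simulate the substitution described above: one file changed, one added.
        (installed / "background.js").write_text("console.log('replaced');")
        (installed / "extra.js").write_text("// not in the store copy")
        return compare_to_reference(installed, hash_tree(store))


if __name__ == "__main__":
    print(demo())
```

Reporting added and missing files separately from modified ones matters because a substituted extension may keep every original file intact and only drop in a new script.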
The browser disables your extension
If the browser disables an extension that you have created, use one of the following methods.
- If you didn't add your extension to the Chrome Web Store or Opera Add-ons
Enable it each time you launch the browser, or add the extension to the online store and install it in your browser from there.
- If you added your extension to the Chrome Web Store or Opera Add-ons
Check the value of the update_url field in the manifest.json file. Correct links to an update source look like this:
| Store name | Link for updating extensions |
| --- | --- |
| Chrome Web Store | https://clients2.google.com/service/update2/crx |
| Opera Add-ons | https://extension-updates.opera.com/api/omaha/update/ |
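An extension developer can check the update_url field before publishing with a script like the one below. This is an added example, not Yandex Browser's code; it assumes the link must match one of the two listed values exactly, and the function names and the directory layout walked by audit_extensions are hypothetical.

```python
import json
from pathlib import Path

# Update sources this page lists for the two stores.
STORE_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx": "Chrome Web Store",
    "https://extension-updates.opera.com/api/omaha/update/": "Opera Add-ons",
}


def _loose(url):
    """Normalise case, scheme and trailing slash, only to describe near misses."""
    return url.strip().lower().replace("http://", "https://", 1).rstrip("/")


NEAR_MISSES = {_loose(u): s for u, s in STORE_UPDATE_URLS.items()}


def classify_manifest(manifest_text):
    """Return (status, detail) for the update_url of one manifest.json."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        return "invalid", f"not valid JSON: {exc.msg}"
    if not isinstance(manifest, dict):
        return "invalid", "manifest root is not a JSON object"
    url = manifest.get("update_url")
    if url is None:
        return "missing", "no update_url field"
    if not isinstance(url, str):
        return "mismatch", "update_url is not a string"
    if url in STORE_UPDATE_URLS:  # exact match only (assumption of this example)
        return "store", STORE_UPDATE_URLS[url]
    if _loose(url) in NEAR_MISSES:
        return "mismatch", f"close to the {NEAR_MISSES[_loose(url)]} link but not identical"
    return "mismatch", "not one of the listed store links"


def audit_extensions(root):
    """Classify every manifest.json found under root (hypothetical layout)."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): classify_manifest(p.read_text(encoding="utf-8-sig"))
        for p in sorted(root.rglob("manifest.json"))
    }
```

A "missing" result corresponds to an extension that was not installed from a store, and a near-miss "mismatch" usually points to a typo such as http:// or a dropped trailing slash.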