Google Chrome and Browser Extensions
Web browsers have long had different options for adding third-party tools to expand their functionality. As far back as Netscape, you have been able to get extensions for bookmark management, API integration, and developer tools.
Currently, Chrome has about 60% of the browser market, and Microsoft Edge also uses the Chromium library. Due to this, Chrome Extensions have become one of the most popular ways to add functionality to a web browser that you can not do in a website or application.
Understanding browser extensions requires that you understand one of the key constraints of how web browsers work. Modern web browsers, and web technologies in general, operate on the assumption that the browser creates a sandbox in a user’s computer (or mobile device) that can NOT touch the operating system in ways that risk the computer from a performance or security standpoint. This sandbox concept is critical to understanding that there is a set of functionality that you can NOT provide through a website. This includes accessing the hardware settings of a device, looking at the software settings, accessing files, and connecting data between two sites (URL domains) without both sites providing approval for it.
Browser extensions sit in the gray area between software applications, which have wide access to the device; and websites, which have practically no access to the device.
Common Browser Extension Use Cases
Common Browser Extension Use Cases
Grammarly, Translation, and other Utilities - Grammarly currently has over 30M daily unique users. This use case of reference tools is very common as are custom tools for translation (Google Translate), SEO (Semji), and others. The tools generically examine a webpage's content of a webpage and provide analysis of part of it.
Screenshots and Screen Utilities - There are large of tools like Awesome Screenshot, Loom, and Screencastify to help the creation of screens and videos. There are also tools for zooming, window management, and related tools.
Ad blockers and Site manipulation - There are also a number of tools that actually change the HTML of sites for specific purposes. This includes removing ads, changing code to improve text readers, or changing image or code behavior.
Linking to Reference Tools - A number of tools will rewrite HTML to enable users to right-click on items to link to search tools, dictionaries, Wikipedia, or other reference tools.
Developer Tools - Finally, there is a range of tools for debugging, doing image downloads, and providing information on the structure of the web application. It can also allow local changes to the code for testing.
Risks of Extensions
There are several scenarios that users and companies need to consider when employees are using browser extensions.
Extensions are more like full software applications - Users and companies need to think about extensions as they do about installing a new program on their computers. The programs can access information on their computer, their settings, and other processes.
Extensions can send all information you browse to another server - Users and companies need to think about how browser extensions work. Tools that analyze or augment the webpage you are looking at, are often sending information to a cloud-based server to do that analysis. Depending on the functionality, it should be pretty clear that the feature is not running on your machine.
Extensions can bypass privacy settings you think you’ve set - If you are using tools like Incognito Mode, you should understand that these tools do not use the settings.
How to resolve risks
A. Look up the extension in the Chrome Web Store and review the comments.
B. Look up the company that provides the extension and review their security and privacy information. There is an article at the bottom on how to do this.
C. Follow Company Computer Policies about adding software to your device.
Arc XP extensions, Partner Extensions, and Customer’s Company Policies
It’s important to understand that the Arc XP platform is a SaaS platform that is used by thousands of employees at hundreds of publishers across the globe. The work these employees do in the platform is business-critical, and the content in the platform can be both confidential to that company, and can also be under the umbrella of various privacy laws depending on the location of the user and company.
Arc XP has very clear security and privacy policies that it guarantees to its customers in regard to the software and services it provides to its customers. We have both internal processes, employee training, and reviews to ensure the software is taking care of our customer’s data. All tools, including the Arc XP’s Fusion Developer Tool (a Chrome Extension), meet this commitment.
Arc XP has a number of companies we have partnered with that provide powerful functionality through Browser Extensions, such as Semji. These tools can be hugely valuable and, in many cases, provide deep tools for publishers and information workers.
Important
Using browser extensions is your individual decision. Arc XP does not audit partner tools, nor do these tools fall under our security or privacy agreements. You must review these tools prior to use based on the guidelines above.
Finally, several of the types of browser extensions edit the code of the websites in order to provide their functionality. Arc XP does NOT guarantee that using these extensions will not affect the behavior or performance of our tools. We work with some partners to give them early access to sandbox environments to allow them to ensure quality. However, you should still consider checking critical extensions in your own sandbox environment when you are looking at new Arc XP releases.