Microsoft has been aggressively pushing its new Chromium-based Edge web browser to people, sometimes in ways that don’t sit well with users. It has been promoting how fully-featured it is or how it is able to compete with the big boys like Google Chrome. It may have actually truly become big, enough that it is now a viable and perhaps lucrative target of less conscientious agents on the Internet as the number of fake copies of popular add-ons of Edge is starting to rise, just like with the big boys.
Although browser add-ons and extensions are no longer the hot features they once were years ago, some people still swear by the additional functionality they provide. Some of these add-ons offer added convenience, like picture-in-picture modes for sites that don’t offer that feature. Others promise security, primarily by adding a VPN to your browser.
Because they tap into a web browser and, therefore, into your surfing activities, add-ons have become the ideal hacking and snooping tool, especially since users can be easily be duped into installing them. That’s even easier when add-ons use the name of a popular or trusted brand, which is what happened in the case of a handful of extensions to Microsoft Edge. Some of these, like those masquerading as NordVPN or TunnelBear VPN, redirect searches to some other site. Ars Technica’s report doesn’t mention if any privacy intrusions happened.
One of the biggest problems with browser add-ons is their extremely loose or almost non-existent vetting process, perhaps worse even compared to the Google Play Store. Chrome has been working to curb the reach of add-ons but anyone can still submit add-ons to Chrome or Edge web stores. They can even submit them under fraudulent names without anyone being the wiser.
For better or worse, this is now Microsoft’s problem as well, especially as it pushes Edge to more users, which means more potential victims. These fake add-ons have already been removed, at least for now, but it’s only a matter of time before new ones pop-up, not unless Microsoft, perhaps working with Google, can finally fix the add-on problem once and for all.