Protect: verify extensions for security

Yandex.Browser uses the Protect integrated security system to guard against various Internet threats. Using this protection, the browser disables extensions from unverified sources and regularly checks previously installed extensions for fakes.

Restriction. Extensions are only checked in Windows.
  1. Why malicious extensions are dangerous
  2. Disabling unverified extensions
  3. Verifying authenticity of extensions
  4. Information for developers

Why malicious extensions are dangerous

Extensions are mini programs embedded in the browser to enhance its functionality. Extensions are developed by the browser team and third-party programmers.

The number of malicious extensions developed by hackers has increased in recent years. Before the Protect system was implemented in Yandex.Browser, 30% of all support requests were about malicious extensions.

Malicious extensions:

  • change the interface and browser settings;
  • place additional ads on web pages;
  • replace the usual ads on sites with fake ones;
  • track your actions;
  • publish posts in your name on social media;
  • steal your personal information.

Antivirus programs are poor at recognizing malicious extensions. This is because all extensions operate within a browser and have no effect on the computer’s operating system.

Disabling unverified extensions

Extensions from Opera Add-ons or Chrome Web Store are considered verified. These stores block malicious extensions. If you install an extension from another source, Yandex.Browser disables them right after they are installed and informs you of this.

How to re-enable an extension

Click the Enable link in the extension disabling dialog. You can also enable an extension in the settings.

Attention. Enable an extension only if you trust the source completely. The extension could be malicious. Find out more in the Why malicious extensions are dangerous section.

For security reasons, an extension is enabled before restarting the browser. If you don’t want to enable an extension each time you start the browser, contact the extension developers and ask them to disable it in Opera Add-ons or Chrome Web Store.

Verifying authenticity of extensions

Hackers sometimes try to replace an extension installed from an online store with a malicious one. Yandex.Browser periodically compares installed extensions with their originals from the online store. If an extension does not match the original, or the original has been removed from the store, the browser will disable the extension and warn you about it.

Decide what to do with the extension:

  • If you need the extension, click the Reinstall button to restore its original version.
  • If you don’t need the extension, click the Remove button.

If you close the window by clicking outside of it, the extension remains disabled. You will be able to remove or reinstall it on the extension page.

Information for developers

Tip. If you're developing an extension, use the Yandex.Browser beta-version, which does not verify extensions.

The browser disables your extension

If you haven’t disabled an application in Chrome Web Store or Opera Add-ons

Enable it each time you start the browser or disable the extension in the online store and install it in the browser from there.

If you have disabled an application in Chrome Web Store or Opera Add-ons

Check the value of the update_url field in the manifest.json file. Correct links to an update source look like this:

Store name Link for updating extensions
Chrome Web Store https://clients2.google.com/service/update2/crx
Opera Add-ons https://extension-updates.opera.com/api/omaha/update/

Your extension didn’t pass verification

Make sure that the user’s version of the extension matches the version specified in the version field in the manifest.json file.