Tag Archives: extensions

Browser Extensions: Powerful and Potentially Dangerous

Regular readers of my blogs know that I love browser extensions. Extensions can make using your browser more convenient, fun, and secure. Unfortunately, extensions can also break web apps in bizarre or amusing ways, dramatically slow your browser performance, leak your personal data, or compromise your device. The designers of the Chromium extension system createdContinue reading “Browser Extensions: Powerful and Potentially Dangerous”

Improving the Microsoft Defender Browser Protection Extension

Earlier this year, I wrote about various extensions available to bolster your browser’s defenses against malicious sites. Today, let’s look at another such extension: the Microsoft Defender Browser Protection extension. I first helped out with extension back in 2018 when I was an engineer on the Chrome Security team, and this spring, I was taskedContinue reading “Improving the Microsoft Defender Browser Protection Extension”

Improving Native Message Host Reliability on Windows

Last Update: Nov 28, 2023 Update: This change was checked into Chromium 113 before being backed out. The plan is to eventually turn it on-by-default, so extension authors really should read this post and update their extensions if needed. The feature was relanded inside Chrome Canary version 115.0.5789.0. It’s off-by-default, behind a flag on theContinue reading “Improving Native Message Host Reliability on Windows”

QuickFix: Trivial Chrome Extensions

Almost a decade before I released the first version of Fiddler, I started work on my first app that survives to this day, SlickRun. SlickRun is a floating command line that can launch any app on your PC, as well as launching web applications and performing other simple and useful features, like showing battery, CPUContinue reading “QuickFix: Trivial Chrome Extensions”

“Batteries-Included” vs “Bloated”

Fundamentals are invisible. Features are controversial. One of the few common complaints against Microsoft Edge is that “It’s bloated– there’s too much stuff in it!” A big philosophical question for designers of popular software concerns whether the product should include features that might not be useful for everyone or even a majority of users. ThereContinue reading ““Batteries-Included” vs “Bloated””

Debug Native Messaging

Prelude Last month, an Enterprise customer reached out to report that a 3rd-party browser extension they use wasn’t working properly. Investigation of the extension revealed that the browser extension relied upon a NativeMessaging Host (NMH) companion that runs outside of the browser’s sandbox. In reviewing a Process Monitor log provided by the customer, the SupportContinue reading “Debug Native Messaging”

Web-to-App Communication: The Native Messaging API

Note: This post is part of a series about Web-to-App Communication techniques. One of the most powerful mechanisms for Web-to-App and App-To-Web communication is to use an extension that utilizes the NativeMessaging API. The NativeMessaging API allows an extension running inside the browser to exchange messages with a native-code “Host” executable running outside of the browserContinue reading “Web-to-App Communication: The Native Messaging API”

Useful Resources when Developing Chrome Extensions

I’ve built a handful of Chrome extensions this year, and I wrote up some of what I learned in a post back in March. Since then, I’ve found two more tricks that have proved useful. First, the Chrome Canary channel includes a handy extension error console to quickly expose extension errors. Update: This feature is nowContinue reading “Useful Resources when Developing Chrome Extensions”

Building the moarTLS Analyzer

I’m passionate about building tools that help developers and testers discover, analyze, and fix problems with their sites. Some of the first code I ever released was a set of trivial JavaScript-based browser extensions for IE5. I later used the more powerful COM-based extensibility model to hack together some add-ons that would log ActiveX controlsContinue reading “Building the moarTLS Analyzer”