5 BulletProof Ways in Securing Your Web Browser Against Cyberattacks

Browser Security - Secure Web Browsing

Securing your web browser against cyberattacks is a priority because modern web browsers can store our sensitive information such as passwords, emails, addresses, credit card details, and even location.

This is why browser hacking is popular amongst cybercriminals seeking to lay hold of this treasure trove of information.

In this study, we will discuss 5 technology-based solutions to securing your web browser and protecting your private information and money from being stolen.

Here are the top five ways you can enhance the security of your browser:

1. Get Security Browser Extensions

Browser extensions (also called add-ons) are small software programs you install on top of your browser to enhance its functionality.

There are literally thousands of browser extensions available to provide a wide variety of added functions to your browsing experience.

There are extensions available for customization, productivity, shopping, privacy, security, etc.

Security and privacy extensions are highly recommended and encouraged by security professionals for securing browsers.

These range from preventing you from picking up a virus just by visiting a malicious website to blocking retargeting ads and trackers that follow you around the web, even across different devices.

Top security browser extensions for securing your web browser 

We will start off this list with the browser extensions created and recommended by the Electronic Frontier Foundation (EFF).

The EFF is a highly respected nonprofit organization dedicated to protecting privacy and security in electronic communication.

You should start using these extensions right away to increase your browser security while surfing online.

Created by the EFF in collaboration with The Tor Project, HTTPS Everywhere is an open source extension that gives you better security by automatically forcing thousands of the websites you visit to serve their HTTPS (the ‘S’ stands for secure) version if available, instead of their unencrypted HTTP version.

HTTPS is signified by the green padlock icon you see on the address bar of your browser.

Available for Firefox, Chrome, Opera and Firefox for Android.

Also by the EFF, Privacy Badger is a simple extension that automatically ‘learns’ about and BLOCKS invisible trackers that track you across the web and even on different devices as you use your browser.

Installing Privacy Badger enables “do not track”.

It’s a fire-and-forget kind of extension like HTTPS Everywhere. Just install it, no extra configuration needed.

Available for Firefox, Chrome, Opera, and Firefox for Android.

uBlock Origin is a fast and relatively low-memory extension that efficiently blocks ads, annoying pop-ups and tracking companies.

It makes page loading significantly faster because it prevents the browser from loading all the extra stuff (ads and trackers) on the website, saving you time and bandwidth. But more importantly, it protects you from malicious software served by some advertisement networks.

However, many websites depend on advertisement generated revenue. If you’d like to support a website serving ads, you can easily disable uBlock Origin for that site or donate to them using whatever means they have set up to receive donations.

IMPORTANT: uBlock Origin is completely unrelated to the site “ublock.org”. (Read more here).

Available for Firefox, Chrome, Opera, Edge, Safari, Firefox for Android.

LastPass, an award-winning password manager, is a browser extension that stores all your passwords safely and gives you secure access from every computer and mobile device anytime, anywhere.

All you have to do is install the extension, set a master password to access your password vault and LastPass does the rest.

Information security professionals highly recommend using a password manager as a password security best practice.

Available for Firefox, Chrome, Opera, Edge, Safari.

Cookie AutoDelete is a powerful cookie controller that replaces the internal cookie manager of your browser.

It makes it super easy to manually get rid of all cookies from visited websites or the current website only, with a single click right from the extension.

There is also an option where the cookies are wiped ‘automagically’ when a tab is closed.

Deleting cookies is good for privacy, but more importantly you get better security, as cybercriminals who go after you to steal browsing session cookies in order to impersonate you online are brutally stopped.

Available for Chrome and Firefox.


2. Disable Browser Saved Passwords

One function of web browsers is that they offer some kind of inbuilt password manager to help you save the usernames and passwords you use to log into various websites.

This is a browser feature that the latest versions of Chrome tout as a selling point, but it’s not safe!

This is why there are over two dozen companies that provide a solution to this with dedicated password management apps independent of the browser you use.

Why should I disable browser saved passwords?

The problem is that credentials stored in the browser this way can very easily be stolen.

Threat actors against your saved browser passwords could be local or remote.

A person with malicious intent could take a snapshot with their smartphone of all your saved passwords if they have unrestricted access to your computer or mobile device for even a minute.

It’s even easier with Google Chrome on Desktop.

Just type chrome://settings/passwords in the address bar and you are at the passwords safe page!

There is also the remote attacker threat. When cybercriminals are able to get a backdoor on your computer through malware, they now have the ability to give your computer instructions remotely.

One of their FIRST post-exploitation steps is usually to check your computer for browser saved passwords.

It doesn’t matter what browser or operating system you use, they are all pretty vulnerable to exfiltration of browser saved passwords, Firefox on Linux included.

Although the password database is encrypted when stolen, it is also VERY easily decrypted.

How do you secure your web browser saved passwords from attackers?

You don’t! You disable the feature on your browser completely!

Two things you can do: use a password manager and/or prevent your computer from being infected with malware in the first place.

While how to detect, remove or prevent malware from infecting your computer is not the focus of this study, an actionable step you can take right now is to use a password manager.

You can use LastPass password manager (which we have mentioned earlier) to manage passwords instead of the built-in browser passwords safe.

First, you will have to discontinue saving logins in the browser, then dive into your browser settings to disable that feature.

After that, you should export the logins you already have saved there to your LastPass.

And lastly, clear all the records from your browser.

I would recommend that, instead of an automatic password export, you take the time to manually save each password entry from the browser to LastPass and update the passwords with strong randomly generated ones in the process.

Chances are those passwords are weak and old, or may have even been compromised. It’s well worth your trouble taking these extra steps in securing your web browser for your own digital security.


3. Disable Browser Autofill

Autofill is the browser feature that automatically fills out forms on web pages for you with your previously saved user information.

After you have entered something like your name and email into a form on a web page, the next time you visit that page, your previous entry should be available for re-use.

What are the dangers of using Browser Autofill?

Although browser autofill is a useful and time-saving feature, it is a big security risk that can lead to your personal and financial data being leaked.

Viljami Kuosmanen, a Finnish web developer and hacker, discovered that several browsers could be deceived into leaking more of your private information than you bargained for when using browser autofill systems.

The attacker basically lures victims to a phishing web page that has an innocent-looking web form. On the surface you may have text fields to enter very basic info like name and email, but hidden behind them are many more text fields that collect extra information unknown to you.

This extra information may be your phone number, address and even financial info like your credit card details, etc.

Autofill phishing exploit by Viljami in action

Viljami also released a proof-of-concept website if you’d like to test things for yourself.
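To make the hidden-field trick described above visible, here is an added example (not from the original article or from Viljami's proof of concept) that audits a form for fields the user cannot see. The function name, the mock fields and the sample form are hypothetical and constructed for illustration.

```javascript
// Added example (not from the article): list form fields a user cannot see
// but that a browser's autofill could still populate.
// Element-like objects and a style resolver are passed in, so the same
// function runs in a browser console and, with mock fields, outside one.
function findConcealedFields(fields, getStyle, viewportWidth) {
  const concealed = [];
  for (const el of fields) {
    // Buttons are not data fields; type=hidden inputs normally carry
    // values set by the page itself, so both are skipped.
    if (["submit", "button", "hidden"].includes(el.type)) continue;
    const style = getStyle(el);
    const box = el.getBoundingClientRect();
    const reasons = [];
    if (style.display === "none") reasons.push("display:none");
    if (style.visibility === "hidden") reasons.push("visibility:hidden");
    if (Number(style.opacity) === 0) reasons.push("opacity:0");
    if (box.width <= 1 || box.height <= 1) reasons.push("zero-size");
    // Assumes the page is not scrolled horizontally.
    if (box.right <= 0 || box.left >= viewportWidth) reasons.push("off-screen");
    if (reasons.length > 0) {
      concealed.push({ name: el.name, autocomplete: el.autocomplete || "", reasons });
    }
  }
  return concealed;
}

// Browser console usage:
//   findConcealedFields(document.forms[0].elements,
//                       (el) => getComputedStyle(el), window.innerWidth);

// Constructed mock field standing in for a DOM <input> element.
const mockField = (name, autocomplete, css, rect) => ({
  name, autocomplete, type: "text",
  css: { display: "block", visibility: "visible", opacity: "1", ...css },
  getBoundingClientRect: () => ({ left: 20, right: 220, width: 200, height: 24, ...rect }),
});

// Constructed sample form: two visible fields, two concealed ones.
const SAMPLE_FORM = [
  mockField("name", "name"),
  mockField("email", "email"),
  mockField("phone", "tel", {}, { left: -500, right: -300 }),
  mockField("card", "cc-number", { opacity: "0" }),
];

function auditSampleForm() {
  return findConcealedFields(SAMPLE_FORM, (el) => el.css, 1280);
}

console.log(auditSampleForm());
```

Any field it reports on a page where you only see a name and an email box is data the page would receive without showing you that it asked.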

How can I protect myself from browser Autofill attacks?

Securing your web browser from this attack is easy: just go into your settings and disable all Autofill systems in your browsers completely.

Then switch to using the Autofill feature of a password manager like LastPass which is secure and convenient too.

However, a bit of cyber security education is necessary here.

You have to be extra conscious of sites where you fill forms with Autofill; if you do not absolutely trust that site then don’t.

Online shopping websites like Amazon and Jumia are good examples of where you can use Autofill to fill payment details at checkout. This is how I basically use autofill.


4. Manage Browser Cookies

A browser cookie is a small ‘piece of data’ a website stores on your web browser when you visit that website.

Its purpose is to help the website keep track of your visits, activities, and identity as you interact with the site.

How can browser cookies affect my browser security and privacy?

Browser cookies in themselves are not bad.

However, they become potentially dangerous and work against you if they ever get hijacked.

For instance, if an attacker can get a hold of your authenticated session cookie, which they can steal via phishing techniques or with malware from your computer or browser, then they can replay the cookie in their own browsers.

The implication of this is that it enables them to be logged in as you WITHOUT needing your username, your password, and/or your second factor code (2FA) assuming you have one set up.

Secondly, cookies may be used in ways that infringe on your privacy through retargeting tracking. (Read more about cookie tracking here).

This is a situation where ads follow you around the web gathering bits of information on your browsing habits.

If you’ve ever searched for a product on Amazon and then started to see ads for that product on other websites – especially Facebook, you have been retargeted.

What should I do about Browser cookies?

Cookie tracking can only be reduced but not completely eradicated. And because some websites need it to function properly, you may not disable it entirely.

For example, it is cookies that make the items you add to online shopping carts stay. They are like a memory box for browsers.

However, some third party cookies invade your privacy and you can prevent them from being set on your browser by disabling them in the settings.

Therefore one of the quick ways for securing your web browser is to disable third party cookies. It does not hurt you in any way.

Secondly, to protect the cookies which bear your authenticated session from being hijacked to impersonate you, periodically go into your browser settings to delete cookies you no longer need.

An easy and convenient way to do this is to leverage an automated ‘cookie eating’ browser extension. One we have discussed in this study that I recommend is Cookie AutoDelete.


5. Update your Browser

I know you’ve heard this before and it sounds like common sense, but it’s VERY important for securing your web browser.

A browser update is usually an upgrade that comes with new/improved features, bug fixes and most importantly, security patches.

For most people, their browser is their first line of defense against the raging attackers on the web, so it’s super important that you are keeping it updated.

This I cannot emphasize enough.

Why is updating my browser so important?

When you use an outdated browser or one that is no longer supported, aside from missing out on all the good stuff that comes with an update, you are at risk of being hacked through a security hole in the browser.

You could be picking up a virus just by visiting a malicious website that an attacker has set up (Internet Explorer I’m looking at you).

Yes you read that right!

Some security holes found in older, retired versions of Internet Explorer can be exploited to hack your entire Windows computer, all through the browser. [Demonstration coming soon]

The Homograph Phishing Attack

Worse still, you could be stuck with a serious browser vulnerability only an update can fix: the IDN Homograph Attack.

Now before I even begin to explain what the Homograph attack is, quickly go over to this proof-of-concept website set up by Xudong Zheng, the Chinese security researcher who discovered the attack.

If your browser displays “https://www.apple.com” then your browser is vulnerable to the homograph attack!

Fake “apple.com” website, EXACTLY the same URL

Now manually type in “apple.com” in the browser address bar and see the difference.

REAL “apple.com” website

The Internationalized Domain Name (IDN) Homograph attack is a way for a malicious party to deceive computer users into believing a website address is legitimate, by abusing the fact that it is difficult to distinguish some Unicode characters from common ASCII characters.

In the above demo website, while it may not be obvious to the casual eye, apple.com uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0061), and Punycode makes it possible to register domains with foreign characters like this.

At the time of the release of Zheng’s discovery, the mainstream web browsers Chrome, Firefox, and Opera were confirmed to be vulnerable to this attack.

You can check out the complete blog post by Xudong Zheng for more details on the vulnerability. Don’t forget to come back to finish up 🙂
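The character swap described above can be detected programmatically. The following is an added example, not code from the article, from Xudong Zheng, or from any browser: a simplified heuristic that shows a hostname's Punycode form and flags labels that mix scripts or are built only from Latin-lookalike Cyrillic letters. The function names, the lookalike list (partial) and the sample hostnames are constructed for illustration.

```javascript
// Added example: simplified homograph heuristic, not any browser's real algorithm.
// Cyrillic letters that render like Latin ones (constructed, partial list):
// U+0430 a, U+0441 c, U+0435 e, U+043E o, U+0440 p, U+0445 x, U+0443 y,
// U+0455 s, U+0456 i, U+0458 j, U+04CF l
const CYRILLIC_LOOKALIKES = new Set([
  ..."\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0455\u0456\u0458\u04cf",
]);

const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};
const isLetter = (ch) => /\p{L}/u.test(ch);

// Returns the set of scripts used by the letters of one DNS label.
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    if (!isLetter(ch)) continue; // digits and hyphens carry no script
    const name = Object.keys(SCRIPTS).find((s) => SCRIPTS[s].test(ch));
    found.add(name || "Other");
  }
  return found;
}

function checkHostname(host) {
  // WHATWG URL parsing converts Unicode labels to their Punycode (xn--) form.
  const ascii = new URL("https://" + host).hostname;
  const findings = [];
  for (const label of host.toLowerCase().split(".")) {
    const scripts = scriptsOf(label);
    if (scripts.size > 1) {
      findings.push(`mixed scripts in "${label}": ${[...scripts].join("+")}`);
    } else if (
      scripts.has("Cyrillic") &&
      [...label].every((ch) => !isLetter(ch) || CYRILLIC_LOOKALIKES.has(ch))
    ) {
      findings.push(`"${label}" uses only Latin-lookalike Cyrillic letters`);
    }
  }
  return { ascii, suspicious: findings.length > 0, findings };
}

// Constructed sample hostnames; \u0430 is the Cyrillic letter from the article.
const SAMPLES = ["apple.com", "\u0430pple.com", "\u0441\u0430\u0440\u0435.com",
                 "\u043f\u0440\u0438\u043c\u0435\u0440.com"];
for (const host of SAMPLES) console.log(host, checkHostname(host));
```

The last sample is an ordinary Cyrillic word and is not flagged, which shows why the check looks at lookalike letters rather than treating every non-ASCII domain as hostile.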

Securing your web browser with browser updates

Run updates regularly. Not only for the browser software but also for the extensions you have installed.

On desktops, you can set up automatic updates for the major browsers like Chrome and Firefox.

However, this does not always work, depending on how the browser was installed, so you still have to manually check for and perform updates.

In addition, mobile users should not ignore browser updates. As soon as an update is available for your favorite browser in your app store, make sure to upgrade immediately. Don’t procrastinate.

You may not know what security flaw that update addresses unless you follow cybersecurity news and trends.

Chrome now even displays a red arrow on their mobile browser app whenever you are behind on updates.

“Update Chrome” warning on Android

Secondly, stick to using only browsers which have ongoing support and are updated regularly by their developers.

You should make your choice of browser to use from the list of best web browsers available such as Chrome, Firefox, Opera, and Edge.

Important! If your company policy still restricts employees to the use of Internet Explorer as the base browser in your organization, you are committing a cyber security sin.

Microsoft, the developer of the once super popular web browser Internet Explorer (IE), has since ended support for ALL versions of the browser except IE version 11 (which would continue to receive updates and support).

However, on their products page, they point customers away from IE 11 to their newer web browser: Microsoft Edge which may soon be deprecated too.

Lastly, simply using an up-to-date version of your browser addresses the Homograph issues on Chrome and Opera web browsers.

Google fixed the Unicode Phishing vulnerability in Chrome version 59 and Opera Software released a security patch in Opera Stable v44.0.2510.1449.

Mozilla does not have an official fix yet for Firefox but users can in the meantime disable Punycode support manually.

  • step 1: Type about:config in your Firefox address bar and hit enter.
  • step 2: Search for Punycode
  • step 3: This will bring up network.IDN_show_punycode. Double-click, right-click or toggle to modify the value to True.

Final Thoughts

In this study, we discussed the top 5 ways, assisted by technology, that can get you rock solid browser security.

If you put into practice what we’ve discussed here, you will not only be securing your web browser but also boosting your online privacy and removing yourself from being a low-hanging fruit for cyber attackers on the internet.

That’s it! Thank you for reading.

Feel free to leave me a comment if you have any questions or think I have left anything out.

Also consider spreading the word about this article, if you enjoyed it, using one of the social sharing buttons below or above this post.

5 Comments

Ang
February 1, 2019 10:54 AM

Nice one
Thanks a lot for bringing this to us

Emilola Samuel
February 1, 2019 11:47 AM

Superb thanks for sharing

Justin
April 15, 2020 8:51 PM

It's not my first time to pay a quick visit to this site, I am browsing this website daily and get nice data from here every day.

P.S. If you have a minute, would love your feedback on my new website re-design. You can find it by searching for “royal cbd” – no sweat if you can’t.

Keep up the good work!
