By: Lisa Ulrich, Minnesota IT Services Security Architect 

To make digital accessibility tests fast and easy, many people try using bookmarklets and browser extensions. These can be good tools to use. But like all things we use on our computers, we need to: 

• Choose our tools with security in mind.
• Consider the type of data we enter when using them.

Definitions of common tools

Start by learning the definitions of these common tools.

A bookmarklet is a small piece of JavaScript code that saves as a browser bookmark. When you click on a bookmarklet, the JavaScript code executes in your browser. This code can do anything that JavaScript can do, such as: 

• Add a filter to a web page.
• Change the text on a web page.
• Open a new web page.

A browser extension is a software program that adds new features or functionality to your browser. You can use extensions to do things like: 

• Block ads.
• Change the look of your browser.
• Add new tools and features.

Bookmarklets: Risks and Safe Usage 

When you click on a bookmarklet, it runs the JavaScript code that was saved as a bookmark. This JavaScript code is executed in your browser. Cyber criminals can use this code to steal your data, install malware, read your passwords stored in your cookies or even take control of your computer.

Here are some of the risks associated with using bookmarklets:

• Cyber criminals can use malicious bookmarklets to steal your personal data, such as your passwords, credit card numbers, or social security number. They may also use them to install malware on your computer which can damage your files or even take control of your computer.
• Bookmarklets code can read other tabs you have open.
• Cyber attackers may target bookmarklets. They can make changes to the code to make them malicious.

To minimize the risk of using bookmarklets, you should:

• Only use bookmarklets from trusted sources.
• Be careful about what information you enter on websites that you access using bookmarklets. 
• Open a new browser incognito window when using bookmarklets.
• Be aware of other tabs you have open before running a bookmarklet.
• Use test accounts while using bookmarklets. Do not enter your work or personal account usernames and passwords. 

Risks and Safe Usage for Browser Extensions 

Browser extensions are software programs that add new features or functionality to your browser. You can use them to do things like: 

• Block ads.
• Change the look of your browser.
• Add new tools and features.

Be aware that browser extensions can also pose security risks. Here are some of the associated risks:

• Malicious extensions: Cyber criminals can use them to steal your personal data, such as your passwords, credit card numbers, or social security number. They may also use them to install malware on your computer. This can damage your files or even let them take control of your computer.
• Permissions: When you install a browser extension, you grant it certain permissions. These permissions can allow the extension to access your personal data, such as your browsing history, cookies, and bookmarks. If the extension is malicious, it can use these permissions to steal your data or track your browsing activity.
• Update vulnerabilities: Browser extensions are software programs. This makes them susceptible to security vulnerabilities. If an extension is not properly updated, attackers can use these vulnerabilities to gain access to your computer.

Browser extensions typically are not updated by your IT department and it is up to you to be sure they kept up to date.

Improve the Security When Using Extensions

To minimize the risk of using browser extensions, you should:

• Only install browser extensions from trusted sources.
• Read the permissions carefully before installing an extension. Only install extensions that you trust and that only need the permissions that they need.
• Keep your browser and extensions up to date with the latest security patches.
• Avoid browser extensions that are not approved especially when accessing high-compliance data.
• Browser extensions can affect your computer’s overall performance. Remove ones not in use.

Fact: Incognito mode does not protect your data from a browser extension or bookmarklet.

By following these tips, you can help to minimize the risk of using bookmarklets and browser extensions. Help keep your data safe.