Vue Browser Extension

[Jenine Killebrew]

Abrowser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.[1]

Browser plug-ins are a different type of module and no longer supported by the major browsers.[2][3] One difference is that extensions are distributed as source code, while plug-ins are executables (i.e. object code).[2] The most popular browser, Google Chrome,[4] has over 100,000 extensions available[5] but stopped supporting plug-ins in 2020.[6]

Internet Explorer was the first major browser to support extensions, with the release of version 4 in 1997.[7] Firefox has supported extensions since its launch in 2004. Opera and Chrome began supporting extensions in 2009,[8] and Safari did so the following year. Microsoft Edge added extension support in 2016.[9]

In 2015, a community group formed under the W3C to create a single standard application programming interface (API) for browser extensions.[10] While this particular work did not reach fruition,[11] every major browser now has the same or very similar API due to the popularity of Google Chrome.[4]

Chrome was the first browser with an extension API based solely on HTML, CSS, and JavaScript. Beta testing for this capability began in 2009,[12][13] and the following year Google opened the Chrome Web Store. As of June 2012, there were 750 million total installations of extensions and other content hosted on the store.[14] In the same year, Chrome overtook Internet Explorer as the world's most popular browser,[15] and its usage share reached 60% in 2018.[16]

Because of Chrome's success, Microsoft created a very similar extension API for its Edge browser, with the goal of making it easy for Chrome extension developers to port their work to Edge.[17] But after three years Edge still had a disappointingly small market share, so Microsoft rebuilt it as a Chromium-based browser.[18][19] (Chromium is Google's open-source project that serves as the functional core of Chrome and many other browsers.) Now that Edge has the same API as Chrome, extensions can be installed directly from the Chrome Web Store.[20]

In 2015, Mozilla announced that the long-standing XUL and XPCOM extension capabilities of Firefox would be replaced with a less-permissive API very similar to Chrome's.[21] This change was enacted in 2017.[22][23] Firefox extensions are now largely compatible with their Chrome counterparts.[24]

Apple was the last major exception to this trend, but support for extensions conforming to the Chrome API was added to Safari for macOS in 2020.[25] Extensions were later enabled in the iOS version for the first time.[26]

In 2021, these browser vendors formed a new W3C community group, called WebExtensions, to "specify a model, permissions, and a common core of APIs".[27] However, Google joined this during its overhaul of Chrome's extension API, known as Manifest V3, which greatly reduces the capability of ad blockers and privacy-related extensions.[28][29][30] Thus the WebExtensions group is viewed by some extension developers as nothing more than Google imposing its Manifest V3 design.[31][32][33]

Browser extensions typically have access to sensitive data, such as browsing history, and they have the ability to alter some browser settings, add user interface items, or replace website content.[34][35] As a result, there have been instances of malware, so users need to be cautious about what extensions they install.[36][37][38][39]

Some Google Chrome extension developers have sold their extensions to third-parties who then incorporated adware.[41][42] In 2014, Google removed two such extensions from the Chrome Web Store after many users complained about unwanted pop-up ads.[43] The following year, Google acknowledged that about five percent of visits to its own websites had been altered by extensions with adware.[44][45][46]

If the Bitwarden desktop app is installed and running in the background, it should be able to communicate with a Firefox (or other) browser extension, so that it is not necessary to unlock the vault after each time the browser is closed. As it is now, even if the vault timeout is set to 1 hour and it was just unlocked a minute ago, once the browser window is closed, then opened again a few seconds after, Bitwarden has already locked. If the Bitwarden desktop app is running anyway in the background (which is optional), it could make itself useful by holding the timeout open, while a browser is closed and reopened (assuming within the time specified).

Further, if a login is launched from the Bitwarden desktop app, it is then neccesary to enter the PIN a second time, once to open the Bitwarden desktop app and then again to unlock the browser extension, even if all that was done in 30 seconds.

And the timeout should not blindly expire once the time is met. Bitwarden should be able to tell that since the last time it was unlocked, another login or form has been filled since and then reset the timeout to the last time of Bitwarden use. Or even better, monitor the computer for idle and as long as it is not idle, keep extending the timeout.

I use bitwarden via the desktop app and in different browsers on one System, and I always have to log in to each individual app with my masterpassword.

Is it possible to enter the masterpassword only once and then be activated in all browsers and app?

What do you think about that it?

All four installations act independently as far as locking/unlocking goes, so even if I set the autolock timeout to 4 hours on all of those, I quite frequently have to retype the password because I close and switch browsers.

I hope lock status of vault between client and extension could be synced everytime Chrome is launched. So that I could really keep the vault unlock until system is rebooted, rather than input password again and again everytime Chrome is restarted.

It would be nice to have the Chrome extensions automatically unlock if the desktop application is present and unlocked - saves a lot of mouse clicks to bring up the extension, then either type the password or hit another button to enable the biometric unlock.

Desktop, cli and web extensions all have different vaults, so you have to manage login and syncing for them separately. I currently have five different instances (desktop app, two different browsers, bwcli and a linux-kde-krunner)

There are multiple services I can see built on this: autofill, secretservice, kwallet, krunner, web extensions, cli, gui, ssh agent. This would simplify much for the community and other external parties.

An example is KeePassDX, which made it a bit different, and made their desktop client a master (a service) for web extensions, secretservice, ssh and more, but I think a UI-less solution would be more extendable and less messy.

I was wondering if there was any update on this?

Every Password manager that I have used in the past which has come with a desktop app has allowed me to unlock the app which automatically unlocks the browser extensions.

Similar to a few people above, I use different browsers and it can be teadious constantly having to unlock the browser extensions.

It would be nice if signing into the app would also sign into any browser extensions running or the other way around. Syncing the extension/app lock would be a nice bonus. Coming from Dashlane, it is the main feature I miss.

Can we get some insight on this? As a developer I often jump between Chrome, Firefox, Brave, etc. When I have to log into a site, I have to re-log into Bitwarden in every single browser. I often close the browser to free up desktop space/memory. Necessitating the need to re-login frequentl.

When we unlock the browser extension, the desktop app would unlock as well (assuming it is already running) and, conversely, when the desktop app locks because, say, the system is put to sleep, the browser extension would lock too.

I see good reviews (iOS app store 4.9 stars) and come across a few articles praising Bitwarden. Helpful that Bitwarden is cross platform and web interface. Mainly use macOS and iOS but good for BYOD employees.

For new developers, it generally takes a few months to become trusted. Eventually, we strive for all developers with compliant extensions to reach this status upon meeting our developer program policies.

To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements. With this, Chrome may disable extensions that do not meet these requirements.

I use 1Password pretty much to keep track of the hundred or so different userid/password combinations and was recently encouraged to install the Windows app as it was supposed to provide additional functionality in version 8. All I see from the Windows App so far is a considerable additional overhead in the Firefox browser. What am I missing?

Nothing, except that the desktop app provides more functionality than the browser extension. If the browser extension is all you need, you're fine. The desktop app helps you to organize your data better. It has tags for customized categories, and the editor is better than the web-based one.

It also has the advantage that you configure it in a way that it shares its unlock with the browser extension, and you can configure the desktop app to conveniently unlock with a pin instead of always having to enter the long master password. So you need to enter your master password only once after every machine reboot, but after that you only need to enter the pin.

I see the browser extension as read-only user of my data, while I see the desktop app as editor and manager of my data.

However, I'm not sure what you mean with "additional overhead" in the Firefox browser.

I likewise think of 1Password in the browser as my "daily driver" - I can do a quick lookup of credentials here, generate a new login, and so on. This is the app that also makes it possible for 1Password to auto-fill passwords into your browser, so I consider it a key piece of software for that reason.

3a8082e126