We may earn commissions when you buy from links on our site. Why you can trust us.

Browser Extentions that Protect Against Heartbleed

by Fox Van Allen on April 15, 2014

Though news of the Heartbleed SSL bug broke early last week, the danger to your personal data is far from over. Countless websites are still vulnerable to Heartbleed data leaks, and will be for some time. The only way to surf safe is to change all your passwords, and only after you test each site you visit.

The good news: Checking sites for Heartbleed just got a whole lot easier thanks to a pair of new browser plug-ins that automate your safety research for you. Techlicious recommends you immediately download the incredibly useful Chromebleed extension for Google Chrome or the Heartbleed-Ext extension for Mozilla Firefox. Neither Apple's Safari browser nor Microsoft's Internet Explorer have plug-ins available at this time. So this would be a good time to check out a new browser, if you don't have Chrome or Firefox already installed.

Once downloaded and installed, both Chromebleed and Heartbleed-Ext check every web domain you navigate to for the Heartbleed SSL bug. If a site is still affected by Heartbleed, a small popup will alert you, reminding you that your data could be at risk.

Wisegeek Heartbleed alert

Heartbleed will likely fade from our collective memories soon, but the threat posed by the bug could persist for months or even years. Installing one of these simple browser plug-ins will help keep you protected.

You can download the Chromebleed extension from the Google Chrome Web Store. Heartbleed-Ext is available from the Mozilla Add-on Collection. Both are free of charge to download and use.

For more on keeping your computer protected against security threats like Heartbleed, check out our computer safety and support resource page.

Topics

Computer Safety & Support, News, Computers and Software, Internet & Networking, Blog

Discussion

From Greg Williams on April 16, 2014 :: 10:28 am

You completely forgot about addressing mobile applications. I use my phone a whole lot more than a computer so what about us?

From Josh Kirschner on April 16, 2014 :: 11:06 am

Unfortunately, we haven’t found any similar extensions for mobile browsing and, I suspect, the way apps are sandboxed on phones may make it difficult to develop one.

However, we’ll definitely update the story if one is available.

From Herbert Sweet on April 16, 2014 :: 11:27 am

I installed this ad-on and proceeded to check some of my password protected websites. Most of them were green and few were yellow but I found no red.

From jc on April 17, 2014 :: 6:57 pm

Before installing Chromebleed, it asks if you want to allow it to “access your data on all websites” and “access your tabs and browsing activity.”

It certainly makes sense that Chromebleed needs to access your browsing activity to know if the site you’ve browed to is safe, but why in the world does it need to access your other data? This seems a bit sketchy.

From Tony Alves on April 22, 2014 :: 1:09 pm

Hello JC,

I am one of the main developers on Chromebleed. You can see the code on Github.com/StopBleed/chromebleed
There is nothing nefarious going on. We are open source developers trying to get a tool to the masses to help them identify servers with the potential to have their vulnerability exploited.
Read here about developing with these issues: http://lifehacker.com/5990769/why-do-chrome-extensions-need-to-access-all-my-data

We would love for these permissions to be more granular. What we did is make it apparent by allowing anyone to see the code.

Hope that clears up your concern.

Tony

From Mike on April 20, 2014 :: 11:34 pm

I use LastPass, and it does the work of checking sites for Heartbleed for me. Via the ‘security check’ feature, it scans all the sites which I have a username and password for, and checks to see if the site has updated its certificates recently. If they’ve updated, I’m prompted to visit the site and change my password; if not, I’m told to wait. Simple!

P.S. If you don’t have LastPass protecting and managing your passwords, I suggest you get it ASAP. It’s the best free password manager I’ve ever used.

From Tony Alves on April 22, 2014 :: 1:44 pm

Mike,

I use LastPass also. I am not sure if they changed how they are checking the sites, at one time they were only checking certificate updates. You should really consider using a tool like Chromebleed or an online checker that does a heartbeat check. LastPass was only checking certificates and not whether the servers have been actually patched. You do not want to update a password on a site that has not been patched.

I just ran lastpass.com online heartbleed tool against the test server from cloudflare.com (www.cloudflarechallenge.com/heartbleed) which is a server setup to show a vulnerable site.
LastPass showed this message:
Site: www.cloudflarechallenge.com
Server software: nginx
Was vulnerable: Possibly (known use OpenSSL, but might be using a safe version)
SSL Certificate: Now Safe (created 2 weeks ago at Apr 10 00:00:00 2014 GMT)
Assessment: Change your password on this site if your last password change was more than 2 weeks ago

Uhhhh…. BAD!
I will be contacting them.

From TechJessie on April 21, 2014 :: 4:35 pm

I must have changed about 10 passwords already. I’ve always used RoboForm so the process is pretty easy. I can’t imagine how people get along without a password manager. Still…what a hassle the Heartbleed virus has been.

From Tony Alves on April 22, 2014 :: 1:52 pm

Hi Josh,

We have a release of Chromebleed called Stopbleed in the store that follows development releases also.

Thanks for the write up.

Browser Extentions that Protect Against Heartbleed

Discussion

Our Latest Reviews

Lenovo Tab P12 Review: Big Features, Budget-Friendly Price
Lenovo Tab P12 Review: Big Features, Budget-Friendly Price

Samsung S800D Soundbar Review: Big Sound, Ultra Slim Profile
Samsung S800D Ultra Slim Soundbar (model HW-S800D)

Samsung Music Frame Review: An Innovative Blend of Sound and Style
Samsung Music Frame

Samsung S95D Review: The Best OLED Big Screen Yet?
Samsung OLED S95D (Model Q77S95DA)

Laifen Wave Review: A Serious Challenger to Oral-B and Sonicare
Laifen Wave

New Articles on Techlicious

Virtual Cards Keep Your Credit Cards Safe Online

Make Important Email Standout in Outlook with Color Coding

New Google Maps Features Make Finding EV Charging Easier

How to Find out Who Called Me

Keycaps 101: Find the Perfect Set for Your Mechanical Keyboard

IHG Hotel TVs Get AirPlay for Easy In-Room Streaming from Your iPhone

Lenovo Tab P12 Review: Big Features, Budget-Friendly Price

Worried About Your Teen’s TikTok Use? Here’s What You Can Do

Browser Extentions that Protect Against Heartbleed

Discussion

Our Latest Reviews

Lenovo Tab P12 Review: Big Features, Budget-Friendly Price Lenovo Tab P12 Review: Big Features, Budget-Friendly Price

Samsung S800D Soundbar Review: Big Sound, Ultra Slim Profile Samsung S800D Ultra Slim Soundbar (model HW-S800D)

Samsung Music Frame Review: An Innovative Blend of Sound and Style Samsung Music Frame

Samsung S95D Review: The Best OLED Big Screen Yet? Samsung OLED S95D (Model Q77S95DA)

Laifen Wave Review: A Serious Challenger to Oral-B and Sonicare Laifen Wave

New Articles on Techlicious

Love getting helpful tech tips? Subscribe to our free newsletter!

Lenovo Tab P12 Review: Big Features, Budget-Friendly Price
Lenovo Tab P12 Review: Big Features, Budget-Friendly Price

Samsung S800D Soundbar Review: Big Sound, Ultra Slim Profile
Samsung S800D Ultra Slim Soundbar (model HW-S800D)

Samsung Music Frame Review: An Innovative Blend of Sound and Style
Samsung Music Frame

Samsung S95D Review: The Best OLED Big Screen Yet?
Samsung OLED S95D (Model Q77S95DA)

Laifen Wave Review: A Serious Challenger to Oral-B and Sonicare
Laifen Wave