New research has shown that extensions for Google Chrome, those little add-ons that add functionality to the popular browser, are actually quite a big security risk.
Earlier this week, data protection firm Incogni released a new report based on an analysis of 1,237 Google Chrome extensions available for download in the Chrome Web Store.
According to the report, almost half of the extensions analyzed (48.66%) have a high or very high risk impact, meaning that they are highly likely to store sensitive personal information.
Data-hungry extensions
More than a quarter of these add-ons (27%) collect data, which seems to be Incogni’s biggest concern.
Of all the different extensions that are available for download, writing add-ons like Grammarly are considered the most data-hungry. 79.5% collect at least one data point. Moreover, these types of extensions collect the most data types on average (2.5 data types), the report suggests.
Finally, Incogni considers writing extensions the riskiest of all because they ask for the most permissions. All of this makes them one of the highest average risk impact ratings, 3.7/5.
In addition to writing extensions, those in the shopping category turned out to be equally worrisome, as almost two-thirds (64.9%) collect user data. With an average risk impact rating of 3.9/5, this makes them the most potentially harmful.
Because some extensions won’t work properly without proper permissions (including what Incogni describes as “creepy”, such as reading the clipboard and viewing data), it’s important to only choose extensions from trusted developers.
“A trusted developer is one who has a history of trouble-free software development and high user ratings,” the researchers said.
Even then, users should remain vigilant as the developer can always become a bad actor and reviews and ratings can be bought/faked by bots.
- Protect your browsing with the best firewalls (opens in a new tab) just now