Google Chrome extensions could pose high security risk, researchers fear
Certain browser add-ons are gathering your sensitive data
Extensions for Google Chrome, those small add-ons that make the popular browser more functional, are actually quite a big security risk, new research has found.
Earlier this week, data protection firm Incogni published a new report, based on an analysis of 1,237 Google Chrome extensions available for download at the Chrome Web Store.
According to the report, almost half of the extensions analyzed (48.66%) have either high or very high-risk impact, meaning they’re highly likely to be storing sensitive, personally identifiable data.
Data-hungry extensions
More than a quarter of these add-ons (27%) collect data, which seems to be the number one concern for Incogni.
Of all the various extensions that are available for download, writing add-ons such as Grammarly are considered the most data-hungry ones. 79.5% collect at least one data point. Furthermore, these types of extensions collect the most data types, on average (2.5 data types), the report suggested.
Finally, Incogni sees writing extensions as the riskiest of the bunch, as they’re asking for the most permissions. All of this makes them carry one of the highest average risk impact scores, 3.7/5.
Besides writing extensions, those in the shopping category were found to be equally worrisome, as almost two-thirds (64.9%) collect user data. With an average risk impact score of 3.9/5, this makes them the most potentially harmful ones out there.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Due to the fact that some extensions won’t work properly without being given the right permissions (including some that Incogni describe as “scary”, such as clipboard read and browsing data), it is important to only choose extensions coming from trusted developers.
“A trusted developer is one with a history of problem-free software development and high user ratings,” the researchers said.
Even then, users should be vigilant, as a developer can always turn bad actor, while reviews and ratings could be bought/tampered with by bots.
- Protect your browsing with the best firewalls right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.