Google Chrome extensions could pose high security risk, researchers fear

Certain browser add-ons are gathering your sensitive data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Extensions forGoogle Chrome, those small add-ons that make the popularbrowsermore functional, are actually quite a big security risk, new research has found.

Earlier this week, data protection firm Incogni published a new report, based on an analysis of 1,237GoogleChrome extensions available for download at the Chrome Web Store.

According to the report, almost half of the extensions analyzed (48.66%) have either high or very high-risk impact, meaning they’re highly likely to be storing sensitive, personally identifiable data.

Data-hungry extensions

More than a quarter of these add-ons (27%) collect data, which seems to be the number one concern for Incogni.

Of all the various extensions that are available for download, writing add-ons such asGrammarlyare considered the most data-hungry ones. 79.5% collect at least one data point. Furthermore, these types of extensions collect the most data types, on average (2.5 data types), the report suggested.

Finally, Incogni sees writing extensions as the riskiest of the bunch, as they’re asking for the most permissions. All of this makes them carry one of the highest average risk impact scores, 3.7/5.

Google wants to help you avoid bad Chrome extensions>Malicious Google Chrome extensions installed on more than one million devices>Here are the best endpoint protection solutions today

Besides writing extensions, those in the shopping category were found to be equally worrisome, as almost two-thirds (64.9%) collect user data. With an average risk impact score of 3.9/5, this makes them the most potentially harmful ones out there.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Due to the fact that some extensions won’t work properly without being given the right permissions (including some that Incogni describe as “scary”, such as clipboard read and browsing data), it is important to only choose extensions coming from trusted developers.

“A trusted developer is one with a history of problem-free software development and high user ratings,” the researchers said.

Even then, users should be vigilant, as a developer can always turn bad actor, while reviews and ratings could be bought/tampered with by bots.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

7 myths about email security everyone should stop believing

Best Usenet client of 2024

Sihoo Doro S100 ergonomic office chair review