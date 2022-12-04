Data removal company Incogni analyzed the risk profiles of 1,237 Chrome extensions available on the Chrome Web Store. The study reveals that 1 in 2 Chrome extensions (48.66%) has a High to Very High-Risk Impact, asking for permissions that could potentially expose Personally Identifiable Information (PII), distribute adware and malware, and log everything users do, including the passwords and financial information they enter while online.

Key findings:

1 in 2 (48.66%) Chrome extensions have a High to Very High-Risk Impact

Risk Impact is defined, first and foremost, by the permissions a given extension requires at installation.

1 in 4 (27%) Chrome extensions collect data.

Chrome extensions used for writing are the most data-hungry (79.5% collect at least one data point), collect the most data types on average (2.5), and are also the riskiest, asking for the most permissions, with one of the highest average Risk Impact scores (3.7/5.0).

79.5% of writing aid extensions examined collect user data

Almost half of the 1,237 Chrome extensions analyzed score highly on Risk Impact, a measure of the potential consequences of an extension being or turning malicious. While just over 1 in 4 (27%) of all Chrome extensions examined collect user data, almost 4 in 5 (79.5%) writing aid extensions do so.

Writers, bloggers, and language learners need to pay particular attention to how they augment their browsers. Writing extensions collect the greatest number of data types (2.5 on average) and have the highest average Risk Impact scores (3.7/5.0).

Drilling down into the types of data writing extensions collect, we see that 56.4% collect PII (Personally Identifiable Information) and 33.3% collect location data. That’s a lot of trust to place in a company that’s looking to monetize its interactions with you.

Aleksandras Valentij, Information Security Officer at Surfshark said,

« Users should be extremely cautious with browser extensions that require the following permissions: read and change all your data on all websites you visit, audio capture, browsing data, clipboard read, desktop capture, file system, geo location, storage, and video capture. The general advice in such cases is to use common sense when granting permissions to browser extensions. For example, why would an ad blocker need audio capture access or access to your file system? If you have doubts, simply don’t use that particular add-on. There are plenty of alternatives for each add-on out there. »

Although installing extensions only from trusted developers with a history of ethical software development and high user ratings provides some level of protection, it doesn’t guarantee it. Extensions, like any other proprietary software, can change hands without notice.