Hundreds of Google Chrome extensions ask for permissions that could expose personal data, distribute adware and malware, and log user activity, including passwords and financial information, a new research shows.
Many extensions have access to virtually everything you do in your browser, including all your keystrokes, data privacy agent Incogni said after analyzing 1,237 popular Chrome extensions. If a certain extension gets compromised, a bad actor will find themselves with a treasure trove of user information.
If an extension like this was to get compromised, a bad actor could spy on the users’ every move and steal login and financial details from any site they visit.
“Users should be extremely cautious with browser extensions that require the following permissions: read and change all your data on all websites you visit, audio capture, browsing data, clipboard read, desktop capture, file system, geo-location, storage, and video capture,” Aleksandras Valentijus, Information Security Officer at Surfshark, said.
Incogni’s study revealed that 1 in 2 Chrome extensions (48.66%) has a high to very high-risk impact, meaning that it’s asking for permissions that could put users’ personally identifiable information (PII), financial information, and passwords at risk.
Filtering the results by keywords that speak to different use cases, the study revealed that the ones used for writing are the most data-hungry, with nearly 80% of them collecting at least one data point. Almost 56% of writing extensions collect PII, and one-third collect location data.
“Writers, bloggers, and language learners need to pay particular attention to how they augment their browsers,” Incogni said.
Incogni also filtered the data by categories and found that nearly 65% of shopping extensions are collecting user data.
“The general advice in such cases is to use common sense when granting permissions to browser extensions. For example, why would an ad blocker need audio capture access or access to your file system? If you have doubts, simply don’t use that particular add-on. There are plenty of alternatives for each add-on out there,” Valentijus added.
More from Cybernews:
Subscribe to our newsletter