Data risk management company Incogni has found that half of every installed Google Chrome extension has a high to very high risk of collecting personal data, showing a strong correlation to the number of permissions given.
After analyzing 1,237 Chrome extensions found in the Chrome Web Store, a study by Incogni has uncovered some troubling findings. Nearly half (48.7%) of the extensions were found to potentially expose users’ personally identifiable information (PII), distribute malware and adware, and record passwords and financial information.
When Incogni drilled down its findings to determine the risk impact of the permission given to extensions during installation, it found that 1 in 4 (27%) of them collect data. An interesting nugget is writing extensions, including Grammarly and Compose AI, tend to be the most data-hungry, with almost 80% of them catching at least one data point at a time.
Writing extensions also ask for the most permissions, netting the highest risk scores of 3.7 out of 5.0, so if you have these installed, do be sure to take the necessary measures to augment your browsers and exercise caution before installing new ones.
Since most users won’t know what risks each given permission entails or the fact that extensions can’t function without certain permissions, it is advised that one should install extensions only from trusted developers. Still, even developers with high user ratings or reliable software development do not guarantee complete protection. The point is to be vigilant and practice common sense when it comes to granting and reviewing permissions.
As Aleksandras Valentij, Information Security Officer at Surfshark says, “why would an ad blocker need audio capture access or access to your file system? If you have doubts, simply don’t use that particular add-on. There are plenty of alternatives for each add-on out there.”