Google Chrome extensions could pose high security risk, researchers fear
>
Google Chrome extensions, those little add-ons that make the popular browser more functional, actually pose a pretty big security risk, according to new research.
Earlier this week, data protection firm Incogni published a new report, based on an analysis of 1,237 Google Chrome extensions available for download on the Chrome Web Store.
According to the report, nearly half of the extensions analyzed (48.66%) have a high or very high risk impact, meaning they are very likely to store sensitive, personally identifiable data.
Data hungry extensions
More than a quarter of these add-ons (27%) collect data, which seems to be Incogni’s main concern.
Of all the different extensions available for download, writing add-ons like Grammarly are considered the most data-hungry. 79.5% collect at least one data point. In addition, these types of extensions collect the most data types on average (2.5 data types), the report suggested.
Finally, Incogni considers writing extensions the riskiest of the bunch, as they ask for the most permissions. All this ensures that they have one of the highest average risk impact scores, 3.7/5.
In addition to writing extensions, those in the shopping category were found to be equally concerning, as nearly two-thirds (64.9%) collect user data. With an average risk impact score of 3.9/5, these are the most potentially harmful out there.
Due to the fact that some extensions don’t work properly without proper permissions (including some that Incogni describes as “scary”, such as clipboard reading and browsing data), it’s important to only choose extensions that come from trusted developers.
“A trusted developer is someone with a history of trouble-free software development and high user ratings,” the researchers said.
Even then, users should be vigilant as a developer can always turn into a bad actor while reviews and ratings can be bought/tampered by bots.
- Protect your browsing with the best firewalls (opens in new tab) straight away