Researchers fear that Google Chrome extensions may pose a high security risk

Accessories Google ChromeThose little extras that make it popular browser More effective, it poses a significant security risk, new research finds.

Earlier this week, data protection company Incogni published a new report, based on an analysis of 1,237 Google Chrome extensions available for download in the Chrome Web Store.

According to the report, nearly half of the analyzed extensions (48.66%) have a high or high risk profile, which means they are very likely to store sensitive and personally identifiable data.

Data-hungry extensions

More than a quarter of these extensions (27%) collect data, which seems to be Incogni’s number one concern.

Among all the different extensions available for download write add-ons like grammar It is the most demanding of data. 79.5% collect at least one data point. Moreover, these types of extensions collect the most types of data, on average (2.5 data types), the report suggested.

Finally, Incogni finds writing extensions to be the most dangerous, because they ask for the most permissions. All of this makes it carry one of the highest average risk impact scores, 3.7/5.

Besides writing extensions, those in the Shopping category were found to be equally worrisome, as nearly two-thirds (64.9%) collect user data. With an average hazard impact score of 3.9/5, that makes them the most damaging out there.

Due to the fact that some extensions won’t function properly without the correct permissions granted (including some that Incogni describes as “scary”, like clipboard reading and browsing data), it’s important to only choose extensions coming from trusted developers.

“A trusted developer is one with a history of problem-free software development and high user ratings,” the researchers said.

Even then, users need to be vigilant, as the developer can always turn out to be a bad actor, while reviews and ratings can be bought/manipulated by bots.

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version