New research finds that Chrome web browser extensions, often used to extend their capabilities, actually pose a significant security risk.
Data protection firm Incogni recently published a report based on an analysis of 1,237 Google Chrome extensions available for download from the Chrome Web Store.
According to the report, nearly half (48.66 percent) of the extensions analyzed had a high or very high-security risk, which means they are very likely to be storing sensitive and identifiable data.
Incogni said in its report that more than a quarter of extensions (27 percent) collect data, which was the number one concern for the company.
Of all the different plugins available for download, the correction and enhancement plugins like Grammarly are the most data-hungry. The percentage of typing correction and improvement additions that collect at least one type of data was about 79.5 percent. Moreover, these types of add-ons collect the most data types, which are on average 2.5 data types.
Incogni considers typing correction and enhancement plugins to be among the most dangerous; Because it requests the most permissions. All of this makes it one of the highest impact severity scores: 3.7 out of 5.
Alongside writing extensions, shopping category extensions were found to be equally at risk, with nearly two-thirds (64.9 percent) collecting user data. The average risk of this category of add-ons is about 3.9 out of 5, which makes it the most dangerous of all add-ons.
Given the fact that some extensions won’t function properly without the proper permissions, including what Incogni describes as scary: clipboard reading and browsing data, it’s important for every user to choose extensions that come from trusted developers.
“A trusted developer is one who is recognized for developing problem-free software and has high user ratings,” the researchers at Incogni said.
It is also believed that even if the developer is trusted, users should be vigilant; Because developers’ intentions can change, and it’s easy to buy or manipulate reviews and ratings using bots.
