Pages

Beware of These Data Hungry Chrome Browser Extensions

Using browser extensions has become quite popular because of the fact that this is the sort of thing that could potentially end up expanding the functionality of one’s web browser. In spite of the fact that this is the case, a number of extensions have been found to harvest far too much user data. Research from Incogni which analyzed 1,237 of the most widely used Chrome Extensions found that hundreds of them were concerningly data heavy and were putting user privacy at risk.

With all of that having been said and now out of the way, it is important to note that 48.66% of the extensions that were analyzed were found to ask for permissions that could jeopardize sensitive data. They might not have malicious intents behind asking for such permissions, but if the extension gets compromised it might give bad actors an easy way to steal data without the users being able to protect themselves.

According to this report, users should avoid using an extension if it asks to read and modify all of your data pertaining to site visits. Audio capture, browsing data, location information and many more things could make users less safe than might have been the case otherwise.

14.07% of the extensions included in this analysis asked for personally identifiable information. 13.02% asked for web content, 8.89% kept a close eye on user activity, 6.87% asked for user location, and 6.06% went as far as to request access to authentication information.

Writing extensions are particularly troublesome from a PII point of view, with 56% of them collecting PII data and over 30% collecting precise location data with all things having been considered and taken into account.

Shopping extensions may be even worse, since almost 65% of them ask for access to data that is extremely sensitive in nature. They also have the highest number of average data types collected with 1.4. That means that they all request at least 1 type of data, and many of them ask for more than one as well.

A good rule of thumb to follow if you want to use Chrome extensions in a safer manner is to see if the requested permissions pertain to the functionality of the extension itself. An ad blocker shouldn’t have to access files on your device, nor would a Netflix extension need to monitor your site activity on other websites.

Chrome extensions in general can be a bit of a risky proposition, so users need to be made aware of what can go wrong. Cyber attacks are on the rise and extensions can provide a lot of openings that malicious actors can exploit without too much effort.





Read next: New Warning Issued Against Phishing Campaign That Uses Facebook Posts To Steal User Data

No comments: