Google Chrome extensions could pose high security risk, researchers fear

Extensions for Google Chrome, those small add-ons that make the popular browser more functional, are actually quite a big security risk, new research has found.

Earlier this week, data protection firm Incogni published a new report, based on an analysis of 1,237 Google Chrome extensions available for download at the Chrome Web Store. 

According to the report, almost half of the extensions analyzed (48.66%) have either high or very high-risk impact, meaning they’re highly likely to be storing sensitive, personally identifiable data.

Data-hungry extensions

More than a quarter of these add-ons (27%) collect data, which seems to be the number one concern for Incogni. 

Of all the various extensions that are available for download, writing add-ons such as Grammarly are considered the most data-hungry ones. 79.5% collect at least one data point. Furthermore, these types of extensions collect the most data types, on average (2.5 data types), the report suggested. 

Finally, Incogni sees writing extensions as the riskiest of the bunch, as they’re asking for the most permissions. All of this makes them carry one of the highest average risk impact scores, 3.7/5. 

Besides writing extensions, those in the shopping category were found to be equally worrisome, as almost two-thirds (64.9%) collect user data. With an average risk impact score of 3.9/5, this makes them the most potentially harmful ones out there. 

Due to the fact that some extensions won’t work properly without being given the right permissions (including some that Incogni describe as “scary”, such as clipboard read and browsing data), it is important to only choose extensions coming from trusted developers. 

“A trusted developer is one with a history of problem-free software development and high user ratings,” the researchers said.

Even then, users should be vigilant, as a developer can always turn bad actor, while reviews and ratings could be bought/tampered with by bots. 

Go to Source