@csrf

23.11.2022 Featured REVEALED: 1 in 2 Google Chrome Extensions Can Harm You

Published 23rd Nov, 2022

By Daniel Ojukwu

Half the available Google Chrome extensions are capable of harming their users, Incogni, a data protection company in Netherlands, has revealed.

Its research, made available to FIJ on Wednesday, showed that after reviewing 1,237 extensions, 602 (48.66 percent) of them had a high or very high risk impact.

It also revealed that 334 (27 percent) of the sampled extensions collect users’ data. Amongst its findings was that extensions in the ‘Shopping’ category were the most potentially harmful, while those used for writing collect the most data.

The company said, “The safest extensions have a low Risk Impact and low Risk Likelihood, while the most dangerous score highly on both measures. The vast majority fall somewhere in between these extremes and it’s up to the user to decide if they’re comfortable installing a given extension.

READ MORE: 5 Google Chrome Extensions Are Silently Stealing Data From Nigerians

“Risk Impact won’t change without the user knowing, since the extension would have to request additional permissions, but Risk Likelihood can change without notice, for example when an extension changes hands.”

The distribution below shows the proportions of extensions studied that are generally considered safe (teal), that should be installed with caution (yellow), generally avoided (pink), or that are not recommended (red).

The bubble size represents the extensions count

The company further said, “Some extensions truly can’t function without certain permissions, even scary ones like clipboard read and browsing data. This is why it’s important to only use extensions from trusted developers. A trusted developer is one with a history of problem-free software development and high user ratings.

“Seeking out trusted developers is neither easy nor foolproof, though. A previously above-board developer can turn bad actor, reviews can be bought or faked, and extensions can be compromised through no fault of the developer.

“Doppelganger extensions also complicate things. You might think you’re installing a tried, tested, and trusted extension when really it’s a malicious counterfeit. These are easy to fall for if you’re not very careful to match the extension and developer names exactly.

READ ALSO: Ransomware Is Dangerous. Here’s How to Protect Your Data and Networks From It

“Finally, there’s a risk to downloading High Risk Impact extensions even from verified and trusted developers. Extensions, like any other proprietary software, can change hands without the user being made aware. You grant permissions to the extension, not its developer. A less-than-trustworthy company could then acquire the developer, publisher, or code base and do as it pleases with your data.”

Chrome extensions collecting most data. Source: Incogni

Incogni found nine extensions that collect the most user data, and represented them in the table above.

Published 23rd Nov, 2022

By Daniel Ojukwu

Advertisement

Our Stories

Man Who Accused Innoson of Selling Subpar Vehicles Is a Member of Tinubu Campaign Council

Journalists Call for the Release of Colleague Detained by Gov Ishaku

Attacks on INEC Facilities ‘Could Have Negative Consequences on Elections’

Strep A Infection Has Killed Half a Dozen UK Children

3 Years After Retirement, Ex-Policeman Can’t Get His Gratuity Because PenCom Wants Letter of Non-Indebtedness

3 Days After Denying Knowledge of Committal Order Against Him, IGP Usman Alkali Asks Court to Set It Aside

‘Once a Liar, Always a Liar’ — Why Many Oppose Onochie’s Nomination for NDDC Board Chairman

UBA

Disguised as Customer Care Agent on Facebook, Fraudster Takes N158,000 From UBA Customer

Lilac Wolverine, a Nigerian Cybercrime Syndicate, Uses Covid-19 to Lure Victims

N75,483 Meant for Passport Renewals Hangs Between NIS and Remita

Advertisement