January 1, Browser Extensions Pose Major Privacy Risks for Millions, Study Warns

In today’s digital age, where nearly everything we do happens online, browser extensions have become essential tools for making our online tasks easier. From saving money while shopping to correcting typing mistakes and boosting productivity, they simplify our online life. However, there’s a hidden danger lurking behind these conveniences: new research has revealed that some browser extensions might be stealing your personal information as you browse.

A recent study conducted by the Georgia Institute of Technology has uncovered alarming details about the potential misuse of browser extensions. Researchers examined over 100,000 software add-ons available on the Google Chrome Web Store using a special software they developed called Arcanum. The focus was on how these programs collect user data from websites when installed.

Dr. Frank Li, an assistant professor at Georgia Tech, highlighted the concerns: “We know from prior research that browser extensions collect users’ browser activity and history, but some of the most sensitive user data is located within webpages, such as emails, social media profiles, medical records, banking information, and more. We wanted to know if extensions are also collecting personal data from these webpages.”

The study zeroed in on how browser extensions managed sensitive data on popular websites such as Amazon, Facebook, Gmail, Instagram, LinkedIn, Outlook, and PayPal. The results were concerning—3,028 browser extensions were found to be collecting sensitive data, affecting more than 144 million users. Even more alarming, 202 of these programs were uploading sensitive information, including the contents of emails, banking details, and private social media activity, to external servers without user consent.

Researcher Qinge Xie cautioned, “Unfortunately, the same capabilities that extensions rely on to enrich the web browsing experience can also be abused to harm user privacy, potentially without users’ knowledge or explicit consent. Even in cases where data collection is benign and necessary for legitimate functionality, it introduces privacy risks.”

This isn’t an isolated issue. A Stanford University study published in June 2024 found nearly 280 million installations of Google Chrome extensions containing malware between July 2020 and February 2023. Additionally, in August, it was revealed that over 300,000 users were compromised by a malicious browser extension available for Google Chrome and Microsoft Edge.

The research team at Georgia Tech suggested that Google needs to take a stronger stance against risky browser extensions and better enforce its security policies. Additionally, major companies collecting data should take extra steps to safeguard it from potential breaches and leaks.

Dr. Li emphasized, “I don’t believe individual users should have to bear the burden of worrying about their privacy or protecting their data, because they may not have the capability or technical knowledge to figure out what’s happening.”

Despite the risks, there are ways to protect yourself online. Carefully review every browser extension before downloading, read their privacy policies, limit their permissions, and perform regular digital housekeeping by removing unused extensions. Enabling Enhanced Protection mode on Google Chrome can also help mitigate risks.

Stay vigilant and safeguard your online privacy. The convenience of these tools should not come at the cost of your personal information.

As our loyal readers, we encourage you to share your thoughts and opinions on this issue. Let your voice be heard and join the discussion below.

Source