Crime
Browser Extensions Exposed in Massive Data Collection Scandal Affecting Millions
Clear Facts
- New research from Georgia Tech reveals that some browser extensions may be collecting sensitive personal data.
- Over 3,000 browser extensions were found to be collecting data from websites, affecting more than 144 million users.
- 202 extensions were identified as uploading sensitive data to servers, impacting over 300,000 users.
In today’s digital age, browser extensions have become indispensable tools for enhancing productivity and streamlining online activities. From saving money while shopping to correcting grammar, these add-ons have become essential for many internet users. However, recent research indicates that these helpful tools might come with significant risks.
A team at the Georgia Institute of Technology has conducted an in-depth study on over 100,000 browser extensions available on the Google Chrome Web Store. Utilizing a new software called Arcanum, they monitored how these extensions collect user data.
“We know from prior research that browser extensions collect users’ browser activity and history,” said Frank Li, PhD, an assistant professor at Georgia Tech.
He added, “Some of the most sensitive user data is located within webpages, such as emails, social media profiles, medical records, banking information, and more.”
The study focused on popular websites like Amazon, Facebook, Gmail, Instagram, LinkedIn, Outlook, and PayPal. The results were alarming: 3,028 browser extensions were found to be collecting sensitive data, impacting over 144 million users.
More concerning is that 202 of these extensions were uploading sensitive data to servers. This data included “the contents of emails, private social media profiles and activity, banking information, and professional networks,” affecting more than 300,000 users.
Qinge Xie, a researcher from Georgia Tech, highlighted the dual nature of browser extensions.
“Unfortunately, the same capabilities that extensions rely on to enrich the web browsing experience can also be abused to harm user privacy, and potentially without users’ knowledge or explicit consent,” Xie explained.
Even when data collection is necessary for functionality, it introduces privacy risks. Sensitive data can be stored by third parties, who might share or leak it during a data breach.
This isn’t the first time browser extensions have come under scrutiny. A Stanford University study published in June 2024 found that around 280 million installations of Google Chrome extensions contained malware between July 2020 and February 2023. Additionally, over 300,000 users were affected by a malicious browser extension available for Google Chrome and Microsoft Edge in August.
The Georgia Tech researchers suggest that Google should enforce stricter security policies on browser extensions. They also urge companies that collect data to be vigilant about protecting it from breaches and leaks.
“I don’t believe individual users should have to bear the burden of worrying about their privacy or protecting their data, because they may not have the capability or technical knowledge to figure out what’s happening,” Li stated.
Despite these risks, there are steps you can take to stay safe online. Carefully review each browser extension before downloading, including reading their privacy policies. Limit the sites each extension can access from your settings. Regularly remove old extensions and consider enabling Enhanced Protection mode on Google Chrome to mitigate malware and other risks.
Let us know what you think, please share your thoughts in the comments below.
