Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Third of All Chrome Extensions Request Access To User Data on Any Site

Posted by msmash on from the upon-further-inspection dept.

More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website, a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed. From a report: The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site, 32 percent used third-party JavaScript libraries that contained publicly known vulnerabilities, and nine percent could access and read cookie files, some of which are used for authentication operations.

2 of 60 comments (clear)

  1. We take your privacy seriously (lol) by sjbe · · Score: 4, Interesting

    More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website

    But we were assured that Google takes our privacy seriously! Glad to see Google is really on top of this.

    a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed.

    What possible utility could there be in 120,000 different extensions? Who in the name of Thor's ugly sweater is actually using these things? I use about 5 extension on my browser of choice (Firefox for me), all fairly popular and I really cannot see any circumstance where I would use more than 10. There is no sane argument for that many extensions without a huge number of them being malware.

  2. User indifference by sjbe · · Score: 3, Interesting

    So are these extensions up to something nefarious, or are they being forced to request this "all data / any web site" access because finer grained permissions aren't there?

    My guess would be that they ask because they can and because most users will not pay enough attention to choose some other option even if one is provided - which it won't be. Never mind that with 120,000 (!?!) extensions a HUGE number of these have to be malware of some description. There just isn't that much need for that many different extensions.