A recent study by Duo revealed that over 100.000 out of 120.000 Chrome extensions have no privacy policy listed. On top of that, over 93.000 have no support site listed. These things can easily be fixed, which would drastically improve the security of an extension. So why would companies neglect to list them?

Chrome extensions collect your data

Many extensions don’t handle your personal data with any care. Extensions are supposed to only collect a specific type of data. Ad-blockers, for example, should only handle ads. Not all of your other data as well. However, it has come to light that over 35% of Chrome extensions can read all your data. Furthermore, Duo revealed that “31.8% used third-party libraries that contained publicly known vulnerabilities.” Duo created CRXcavator for you to check the security of your Chrome extensions.

Chrome extensions sell your data

What do they want with your data? Well, most of them sell it to third parties. This raises concerns because in a best-case scenario these third parties will only use your data to create targeted ads. Yet, they could also find out exactly who you are, collect your passwords, collect your bank details, and collect other sensitive information. In addition, a number of extensions get sold to malicious parties, who update them to contain malware.

VPN extensions leak your data

A lot of VPN extensions have been known to leak your data as well. Without proper DNS leak protection, a VPN won’t be able to prevent Chrome from sending DNS queries to ISPs. VPNs that have leaked data include Hola VPN, Betternet, Touch VPN, Opera VPN and many more. Some fixed the issue, but others, such as Hola VPN, refuse to add DNS leak protection. To find a trustworthy VPN that won’t ever leak your data, check out our top 10 VPN providers.

Leave a Reply