Two-thirds of popular AI Chrome extensions could wreak havoc on user security if turned malicious
August 2023 by Incogni
Incogni conducted a study analyzing 70 AI Chrome extensions across 7 categories and found that 69% of analyzed extensions have a high risk impact, meaning that they could be highly damaging to users’ cybersecurity if turned malicious (e.g., breached)—all 10 analyzed AI-powered writing extensions fall into this category. Furthermore, 59% of analyzed extensions were found to collect user data, with some of these collecting personally identifiable information.
"AI Chrome extensions offer undeniable convenience, but safeguarding your privacy and security should be a top priority. Understanding the data you share with extensions and their reliability in keeping it safe is crucial. By being cautious in choosing AI Chrome extensions and staying informed about their potential risks, users can embrace the benefits of AI while safeguarding their personal information," advises Darius Belejevas, Head of Incogni.
AI-powered extensions tend to require many permissions, which could seriously harm their users if the extensions get compromised. 48 out of 70 have a high or very high risk impact*. Luckily, 60% of analyzed extensions were found to have a low risk likelihood**.
Analyzing AI-writing extensions in particular, Incogni’s researchers found that all 10 (including Grammarly and HyperWrite) had a high risk impact. This was the only category to contain exclusively high risk impact extensions.
Incogni’s research points out that 10 of the analyzed extensions have both a high risk impact and very high risk likelihood. Therefore, users are urged to carefully check risk metrics, required permissions, and data collection practices of AI Chrome extensions before installation to protect against data theft and invasion of privacy.
Over 59% of the investigated extensions collect user data, with 44% of them collecting personally identifiable information (PII). This includes data points like the user’s name, address, and identification number.
As these advanced language models and language-processing algorithms revolutionize technology, users must exercise caution and prioritize privacy and security when using AI-based Chrome extensions.
For more information on Incogni’s study, please visit the link:
NOTES TO EDITORS
Incogni is a personal information removal service that helps customers opt out from data broker databases. With the launch of people search site removals, Incogni is now one of the most comprehensive personal information removal services on the market, covering 180+ data brokers. The company’s mission is to empower individuals to take control of their personal information and protect their privacy. With its user-friendly platform and automated removal requests, Incogni makes it easy for customers to opt out of data broker databases, saving them hundreds of hours of tedious work.
*Risk impact is a measure based on the number of permissions an extension requires. Extensions with a low risk impact score can’t do much harm, even if they get into the wrong hands. Extensions with a high risk impact, on the other hand, could be highly damaging if they get into the wrong hands because of the data they can access.
**Risk likelihood is related to the perceived probability of a Chrome extension turning malicious. It’s derived by considering the publisher’s and extension’s reputation on the Chrome Web Store, how long the extension has been available on the store, and other data points concerning the extension.