AI Chrome extensions: convenience vs privacy and security

So-called AI tools bring undeniable convenience, and even a touch of magic, to the table. It’s important, however, to understand the trade-offs in using these tools. Incogni’s researchers focused on AI-powered Chrome browser extensions, examining their risk metrics, permission requirements, and data collection practices.

This study looks at 70 AI-powered Chrome extensions from 7 key categories, exploring the real-world risks of these extensions. The potential dangers associated with some AI extensions may be greater than you think.

Key insights:

• 69% of investigated extensions have a high risk impact — if turned malicious, they could be highly damaging to users’ cybersecurity.
• 10 out of 10 AI-powered writing extensions have a high risk impact.
• 10 out of 70 extensions have a high risk impact (could do a lot of harm) and a high risk likelihood (are more likely to turn malicious).
• The investigated extensions require 3.7 permissions on average. Personal assistants ask for the greatest number of permissions (5). 
• 59% of analyzed extensions collect user data.
• 44% of investigated extensions collect personally identifiable information (PII).

The majority of AI Chrome extensions have a high risk impact

Risk impact is a measure based on the number of permissions an extension requires. Extensions with a low risk impact score can’t do much harm, even if they get into the wrong hands. Extensions with a high risk impact, on the other hand, could be highly damaging if they get into the wrong hands because of the data they can access. 

Risk likelihood is related to the perceived probability of a Chrome extension turning malicious. It’s derived by considering the publisher’s and extension’s reputation on the Chrome Web Store, how long the extension has been available on the store, and other data points concerning the extension.

AI-powered extensions tend to require many permissions, which could seriously harm their users if the extensions get compromised. 48 out of 70 have a high or very high risk impact. Luckily, 60% of analyzed extensions were found to have a low risk likelihood.

This means that although over half of the studied Chrome extensions have the potential to do significant damage, most are unlikely to be compromised and turned against their users. The biggest grouping of extensions is characterized by the low likelihood, high impact classification, consisting of 29 out of 70 extensions. 

Analyzing AI-writing extensions in particular, Incogni’s researchers found that all 10 had a high risk impact. This was the only category to contain exclusively high risk impact extensions. AI-writing extensions alone accounted for over 20% of all high risk impact extensions.

While you should always be cautious when installing extensions, you should look out for extensions that have both high risk impact and high risk likelihood scores in particular. We found 10 such extensions across various categories, the most common being audiovisual generators and personal assistants. 

AI Chrome extensions request an average of 3.7 permissions each

Some permissions allow extensions to do all sorts of things with your browser, computer, and associated data. For example, the webRequest permission allows extensions to “observe and analyze traffic and to intercept, block, or modify requests in flight”.¹ The potential for serious damage is all too real should this level of access to a user’s browser get into the wrong hands.

On average, each of the studied extensions required 3.7 permissions. Some extension categories really stand out from this average. AI-powered personal assistant extensions tend to require the highest number of permissions (5 each). On the other side of the spectrum, extensions aiding programmers require an average of just 2.3 permissions. 

Some of the most frequently requested permissions are storage, tabs, and contextMenus. Storage is requested by more than 80% of investigated extensions; it allows extensions to store and read user data. Tabs is requested by 44%, meaning that the extension can create and alter the tab order of the user’s browser. Lastly, contextMenus, requested by a third of extensions, allows extensions to change what the user sees when they right-click on a website and open a contextual menu. 

While the permissions described above might seem reasonable, others have a broad range of implications. Looking through the permissions asked for by the investigated extensions, a few stand out:

• activeTab, required by 22/70 extensions (including Quillbot), allows the software to access and control the currently open site. With this permission, extensions can scan and manipulate the contents of the site¹. 
• Scripting, required by 17/70 extensions (including Grammarly, QuillBot, Monica, and ChatGPT for Search), allows extensions to inject JavaScript and CSS code into the webpage the user is on, which can drastically change the layout and contents of the page¹. 
• webRequest, required by 6/70 extensions, allows the software to intercept, block, or modify requests in-flight. These extensions can monitor and modify the data sent between users and the websites they visit¹. 

Over 59% of investigated extensions collect user data

Data collection may have some overlap with permissions (permissions are often needed to collect data), but these are ultimately separate concerns. To better understand how much data these AI Chrome extensions collect, Incogni’s researchers examined their data collection practices.

The studied extensions collect an average of 1.4 data points each. This average includes the 41% of extensions that claim not to collect any data points at all. Each of the seven AI extension categories contains at least one extension that collects personally identifiable information (PII), user activity, and website content. On the other hand, the one type of data that Google² defines, but none of the extensions collect, is health information. 

Incogni’s researchers found that a significant number of the extensions collect types of data that are quite private. Namely, it was observed that 31 out of 70 (44%) extensions collect personally identifiable information, which can include things like the user’s name, address, and identification number. 15 out of 70 (21%) extensions collect user activity, which can contain network monitoring and mouse position or keystroke logging. Lastly, 8 out of 70 (11%) extensions collect users’ locations. 

Some types of user data may not be collected as frequently but are worth highlighting all the same. Writing and personal assistants are the only AI-powered categories in which extensions collect a user’s web history. These include HyperWrite, Magical: ChatGPT AI Writer & Text Expander, and Jasper. Personal assistants is also the only extension category that collects financial and payment information, with Jasper and Monica falling into this camp. 

Taking a closer look at individual extensions, we see that Hyperwrite collects the greatest number of data points at 6. The next highest number of data points collected is 5, with four extensions collecting this many: Grammarly, Magical: ChatGPT AI Writer & Text Expander, Guidde, and Jasper. 

Overview of the 5 most popular AI Chrome extensions

The most popular AI-powered extensions collect various numbers of data types and ask for a range of permissions. Below are the top 5 most downloaded extensions in Incogni’s dataset.

Grammarly is the dataset’s most popular Chrome extension, with 10,000,000 users. These users are each giving up 5 data points, including personally identifiable information (PII), location, and user activity. The extension’s users also grant Grammarly 5 permissions, including scripting. Grammarly was found to have a high risk impact but a very low risk likelihood.

QuillBot is the dataset’s second most popular Chrome extension, with 2,000,000 users. These users are each giving up 4 data points: website content, PII, location, and user activity. The extension’s users also grant QuillBot 7 permissions, including scripting and activeTab. QuillBot was found to have a high risk impact but a very low risk likelihood.

WebChatGPT: ChatGPT with internet access, an aid in information lookup and collection, is the dataset’s third most popular Chrome extension. It has 1,000,000 users. Interestingly, the extension does not collect any data points and only asks the user for one permission — storage. WebChatGPT: ChatGPT was found to have a high risk impact and a very high risk likelihood.

Monica is the dataset’s fourth most popular Chrome extension and has 700,000 users. Each of these users is giving up 4 data points, including PII, financial and payment information, and personal communications. The extension’s users also give Monica 3 permissions, scripting included. Monica was found to have a high risk impact but a low risk likelihood.

ChatGPT for Search – Support GPT-4, an aid in information lookup and collection, is tied for fourth as the most popular Chrome extension in the dataset. It also has 700,000 users. The extension does not collect any data points but does ask users for 4 permissions, including scripting. ChatGPT for Search – Support GPT-4 was found to have a moderate risk impact and likelihood.

Conclusion

These advanced language models and language-processing algorithms have given us technologies the world has never seen before. Consequently, we’re in a “wild west” phase with these so-called AI-based tools.

Some trusted extensions like Grammarly could do a lot of damage (according to their risk impact score) but are extremely unlikely to do any (given their low risk likelihood score and stellar reputation). Yet some extensions have both a high risk impact and very high risk likelihood and aren’t the best choice privacy and security-wise.

In order to choose AI-based Chrome extensions wisely, you should check their risk metrics, required permissions, and data collection practices. Time-consuming as this is, it’s also critical to prevent data theft and invasions of privacy. 

Methodology

Incogni’s researchers sought out popular, AI-powered Chrome extensions through media publications and the Chrome Web Store. 7 extension use-case categories that feature AI were derived and each category was populated with 10 extensions.

Researchers then checked the Chrome Web Store pages for these extensions and noted the number of downloads and the user data collected (as disclosed in each extension’s “privacy practices” tab). This information was supplemented by data available on Chrome-stats.com for each extension. On this website, researchers collected the risk scores and the required permissions. 

The data was analyzed with an emphasis on risk scores, permissions, and collected user data. 

Data collection took place on June 6, 2023.

Notes on data:

Many popular AI-powered extensions are unavailable on the Chrome Web Store, where the researchers found information about the data points each extension can collect. Therefore, some notable extensions may be missing from the analysis. 

All examined extensions had at least 100 downloads and prominently featured keywords associated with their use-case categories in their description on the Chrome web store. 

The data used in this research is available here: public dataset.

Sources

1. Chrome Developers. “Extensions.” API reference. Accessed July 19, 2023.  https://developer.chrome.com/docs/extensions/reference/.
2. Chrome Developers. “Chrome Web Store policies.” Updated Privacy Policy & Secure Handling Requirements. Last modified May 1, 2023. https://developer.chrome.com/docs/webstore/user_data/. 
3. ChromeStats. “Chrome extension statistics.” Accessed July 19, 2023. https://chrome-stats.com/extension-stats. 
4. Google. “Chrome Web Store.” Accessed July 19, 2023. https://chrome.google.com/webstore/category/extensions.