One More Chrome Extension? You Need an Intervention! – Chrome Extensions Research
Our research shows that 1 in 2 Chrome extensions are poised to wreak havoc on your digital privacy and security. But what does that mean, exactly, and how did we get there?
Our researchers analyzed the data collection practices of 1,237 Chrome browser extensions, focusing on the Risk Impact and Risk Likelihood scores of each extension.
Key findings:
- 1 in 2 (48.66%) Chrome extensions have a high or very high Risk Impact.
- 1 in 4 (27%) Chrome extensions collect data.
- Chrome extensions used for writing:
- are the most data-hungry (79.5% collect at least one data point)
- collect the most data types on average (2.5 data types).
- the riskiest, asking for the most permissions, with one of the highest average Risk Impact scores (3.7/5.0).
- Extensions in the Shopping category are among the most data-hungry (64.9% collect user data) and the most potentially harmful (with an average Risk Impact of 3.9/ 5.0).
Risk Impact is a measure of the potential consequences of an extension being or turning malicious, while Risk Likelihood refers to the probability that an extension is or may become malicious.1
Some Chrome extensions have access to virtually everything you do in your browser, including all your keystrokes. If an extension like this was to turn malicious or get compromised, a bad actor could spy on your every move and steal your login and payment details from any site you visit. These are the highest Risk Impact extensions.
Risk Impact is only half the story, though. While in use, an extension like Grammarly sees most of what you’re typing* (minus some sensitive fields), but the company behind it has a good track record of keeping user data safe. It has a high Risk Impact but low Risk Likelihood. It’s generally considered safe.
You might also come across an extension made by a fly-by-night developer with a history of questionable business practices that doesn’t require any suspicious permissions. So an extension like this would have a high Risk Likelihood but low Risk Impact and may well be relatively safe.
So, to assess the danger posed by your favorite Chrome extensions, you need to look at both Risk Impact and Risk Likelihood scores together. The safest extensions score low on both measures. The most obviously dangerous ones score high on both.
The safest extensions have a low Risk Impact and low Risk Likelihood, while the most dangerous score highly on both measures. The vast majority fall somewhere in between these extremes and it’s up to the user to decide if they’re comfortable installing a given extension. Risk Impact won’t change without the user knowing, since the extension would have to request additional permissions, but Risk Likelihood can change without notice, for example when an extension changes hands The distribution [above/below] shows the proportions of extensions studied that are generally considered safe (teal), that should be installed with caution (yellow), generally avoided (pink), or that are not recommended (red).
Permissions are key
Almost half of the 1,237 Chrome extensions analyzed score highly on Risk Impact. Risk Impact is defined, first and foremost, by the permissions a given extension requires at installation. Some permissions are more potentially dangerous than others.
According to Aleksandras Valentij, Information Security Officer at Surfshark:
“[Users should] be extremely cautious with browser extensions that require the following permissions: read and change all your data on all websites you visit, audio capture, browsing data, clipboard read, desktop capture, file system, geolocation, storage, and video capture.”
Mr. Valentij goes on to add that:
“The general advice in such cases is to use common sense when granting permissions to browser extensions. For example, why would an ad blocker need audio capture access or access to your file system? If you have doubts, simply don’t use that particular add-on. There are plenty of alternatives for each add-on out there.”
Simply put, an extension can’t steal, share or “lose” data to which it doesn’t have access in the first place. Permissions can be used, either by the extension developer or third parties, to do everything from inserting affiliate IDs into shopping-site cookies2 to logging your every keystroke.
In developers we trust
Some extensions truly can’t function without certain permissions, even scary ones like clipboard read and browsing data. This is why it’s important to only use extensions from trusted developers. A trusted developer is one with a history of problem-free software development and high user ratings.
Seeking out trusted developers is neither easy nor foolproof, though. A previously above-board developer can turn bad actor, reviews can be bought or faked, and extensions can be compromised through no fault of the developer.
Doppelgänger extensions also complicate things. You might think you’re installing a tried, tested, and trusted extension when really it’s a malicious counterfeit. These are easy to fall for if you’re not very careful to match the extension and developer names exactly.
Finally, there’s a risk to downloading High Risk Impact extensions even from verified and trusted developers. Extensions, like any other proprietary software, can change hands without the user being made aware. You grant permissions to the extension, not its developer. A less-than-trustworthy company could then acquire the developer, publisher, or code base and do as it pleases with your data.
Adware vendors buying Chrome extensions and infecting them with adware and malware3 is a well-known practice. There are many examples of this, from the Particle extension takeover4 to smaller developers having their reputations dragged through the mud5. Even a generally reputable company buying out a beloved extension can cause widespread concern6.
Data collection is where it’s at
All this talk of risk and danger is a little abstract if we don’t look into exactly what kinds of data are being exposed and collected by these Chrome extensions. Over 1 in 4 of the extensions studied (27%) collect data on their users.
Below is a breakdown of this data by type and the percentage of extensions that collect it.
There’s no data here that isn’t a cause for concern. Any of this information can be used against you to devastating effect. Combining data from these categories is privacy-disrupting dynamite. It doesn’t take much imagination to see how pairing Personally Identifiable Information (PII) with health information, for example, can be used to invade your privacy.
Even “just” website content and location data can put you at risk. Say you spend some time looking up information on the legality of abortion procedures in your area and then make a couple of visits to a family planning clinic. In 2022, this can land you in a world of trouble7 you don’t need.
Then there’s the more typical criminal element: a malicious or compromised Chrome extension that has access to your every keystroke could be used to scrape your login and payment details. The sites you visit, the authentication information you use to log into them, and your credit card details are all right there on a silver platter.
Chrome extensions collecting the most data
If one or two data points can be devastating in the wrong hands, imagine what six or seven could do. Yet the top 10 data-collecting extensions collect exactly that much. They’re all Productivity and Shopping extensions.
Extensions that collect the most data, by category
The table below ranks all the categories studied by the % of extensions collecting data, the number of data types collected, and average risk metrics.
A whopping 65% of shopping extensions collect user data, at an average of 1.4 data types each. The combined average risk metrics are also the highest in this category, with an average Risk Impact of 3.9 and Risk Likelihood of 1.6.
Productivity, Search Tools, and Sports extensions vie for second place, with 32-35% of them collecting data, on average. Productivity extensions edge ahead with an average of 0.7 data types collected and the second-highest Risk Impact and Risk Likelihood pair of any category: 3.3 and 1.7, respectively.
Keep in mind that when dealing with averages like this, the differences within each category will be greater than those between categories. Still, on average, shopping extensions require more caution than other categories. They collect the most data by far and have the highest Risk Impact.
Extensions collecting the most data by use case
Another useful way to break down the data is to look at use cases. Filtering the results by keywords that speak to different use cases reveals clear deviations from the norm. Just over 1 in 4 (27%) of all Chrome extensions examined collect user data. Yet almost 4 in 5 (79.5%) of writing extensions do so.
So writers, bloggers, and language learners need to pay particular attention to how they augment their browsers. Especially given that writing extensions also collect the greatest number of data types (2.5 on average) and have one of the highest average Risk Impact scores (3.7/5.0).
Drilling down into the types of data writing extensions collect, we see that 56.4% collect PII (Personally Identifiable Information) and 33.3% collect location data. That’s a lot of trust to place in a company that’s looking to monetize its interactions with you. The table below shows the most data-hungry writing extensions.
The wildly popular Grammarly extension collects five data types, has a Risk Impact score of 4 out of 5, and boasts over 10,000,000 installs. Its Risk Likelihood is the lowest possible, but it’s not immune to being compromised by third parties, like state-sponsored hackers—no developer is.
Safety in Numbers?
Sticking to only the most popular Chrome extensions might seem like a good way to minimize risk. The data shows otherwise, though:
It turns out that more popular extensions are more likely to collect user data and collect more data types on average. Among the most popular extensions, 36% collect data, at an average of 0.9 data types. Only 20.7% of the least popular extensions collect data, with an average of 0.4 data types being collected.
The risk analysis shows an analogous correlation, with Risk Impact increasing with popularity:
So there’s really no substitute for looking into each extension individually before deciding whether to install it. We have some great tools and techniques to help you with this, but first, let’s look at some general best practices that we can glean from this research.
What we can learn from the worst of the worst
The most dangerous Chrome extensions combine high Risk Impact with high Risk Likelihood. We found that, out of the 1,237 extensions we analyzed, 47 scored 4 or 5 on both of these measures.
The most common use cases among these 47 extensions are: increasing volume (5), refreshing tabs (5), watching videos in a floating window (5), translating (4), and screen recording (3).
Straight away you can see that they all have one thing in common: they’re useless additions to your browser, duplicating functions available in your operating system, the browser itself, or the given website or web app. No one needs any of these extensions. They wouldn’t be worth any level of risk, let alone the greatest level.
You can find the list of these high Risk Impact & high Risk Likelihood Chrome extensions at the bottom of this page.
So what should you do when installing Chrome browser extensions?
First and foremost, ask yourself if you really need yet another extension. Does your operating system, browser, or some other piece of software you already have offer the same functionality? Search online and find out. It could save you from bloating your browser with risky extensions unnecessarily.
Generally speaking, the more extensions you have, the slower your browser and computer run. Some are real resource hogs, eating up RAM and CPU cycles like nobody’s business. More importantly, the odds of coming across a malicious Chrome extension8 or having one compromised stack as you add more of them to your browser.
If you’re convinced you need an extension to do whatever it is you’re doing, check its permission requirements and risk profile. Always double check you’re looking at the original extension by making sure the extension name, logo, and developer name match what you were expecting.
Check the risk profile of any extension on the Chrome Web Store
To check an extension’s risk profile, find it on the Chrome Stats9 website. Alternatively, here’s a one-click way to bring up the risk profile for any extension on the Chrome Web Store:
Setting it up takes less than a minute and will save you a lot of time if you’re a power user. All you need to do is add a bookmark that contains some simple JavaScript to your browser. Here’s a step-by-step guide:
- Click the star in your browser’s search bar (it doesn’t matter what page you’re on).
- Click “more.”
- Paste the following line of JavaScript into the URL field as shown below.
javascript:(function(){location.href=’https://chrome-stats.com/d/’ + window.location.href.replace(/https:\/\/.*\//g, “”);})();
Now go to the Chrome Web Store page of any extension, and you’ll be able to bring up the Chrome Stats page for that extension with a single click.
The extension looks a little too risky? Look for alternatives
Don’t shrug off any red flags or lingering doubts—whatever your need, it’s bound to have been addressed by other developers. To find similar extensions:
On the extension’s Chrome Web Store page click on “related.”
The gold standard in terms of minimal data collection is using Free and Open Source (FOSS) extensions, like Bitwarden10 and uBlock Origin11. Failing that, look for extensions that are marked as trusted by Google and have an acceptable risk profile on Chrome Stats.
Methodology
Our researchers analyzed 1,237 Google Chrome extensions available on the Chrome Web Store. These extensions all have at least 1,000 installs and fall under 56 use cases, from writing to gambling. Our analysis was focused on their risk profiles (scraped from Chrome Stats) and the nine data types that extensions can collect.
The extensions were analyzed according to their:
- Category
- Use case
- Number of installs (<3,000; 3,000–9,999; 10,000–49,999; >=50,000)
- Country of origin (for the extension developers that declared it)
- Risk Impact and Risk Likelihood
Given that information on the collection and sale of user data is provided voluntarily through a declaration, the data on this aspect are assumed to represent the best case scenario.
References
- “Risk analysis,” ChromeStats, accessed October 25, 2022, https://docs.chrome-stats.com/analysis/risk-analysis.
- Sabrina Ortiz, “Malicious Google Chrome extensions affect 1.4 million users,” last modified August 31, 2022, https://www.zdnet.com/article/malicious-google-chrome-extensions-affect-1-4-million-users/.
- Ron Amadeo, “Adware vendors buy Chrome Extensions to send ad- and malware-filled updates,” last modified January 18, 2014, https://arstechnica.com/information-technology/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/.
- Catalin Cimpanu, “‘Particle’ Chrome Extension Sold to New Dev Who Immediately Turns It Into Adware,” last modified July 13, 2017, https://www.bleepingcomputer.com/news/security/-particle-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware/.
- Amit Agarwal, “I sold a Chrome Extension but it was a bad decision,” last modified January 16, 2014, https://www.labnol.org/internet/sold-chrome-extension/28377/.
- Kevin Purdy, “Beloved browser extension acquired by non-beloved antivirus firm,” last modified September 9, 2022, https://arstechnica.com/gadgets/2022/09/beloved-browser-extension-acquired-by-non-beloved-antivirus-firm/.
- Bobby Allyn, “Privacy advocates fear Google will be used to prosecute abortion seekers,” last modified July 11, 2022, https://www.npr.org/2022/07/11/1110391316/google-data-abortion-prosecutions#:~:text=In%20the%20first,Times%20in%202019.
- “ChromeLoader Infects the Browser by Loading Malicious Extension,” BlackBerry Blog, last modified November 3, 2022, https://blogs.blackberry.com/en/2022/11/chromeloader-infects-the-browser-by-loading-malicious-extension.
- “ChromeStats,” Google, accessed October 24, 2022, https://chrome-stats.com/.
- “Move fast and securely with the password manager trusted by millions,” Bitwarden, accessed November 4, 2022, https://bitwarden.com/.
- “uBlock Origin – Free, open-source ad content blocker,” uBlock Origin, accessed November 4, 2022, https://ublockorigin.com/.
*Update from Grammarly:
“Grammarly only accesses the text users write while using our product to provide suggestions and is blocked from accessing anything typed in fields marked “sensitive,” such as credit card and password fields. Grammarly only checks the text users want it to, and they can always see what Grammarly is processing by the presence of the Grammarly widget. Users can also turn off Grammarly in any application at any time if they don’t want it to check a particular piece of text.”
Appendix: Highest risk Extensions and their alternatives
Here are some of the worst extensions and their less risky alternatives. Note that sometimes no extension at all is the better alternative.
Use case : Change your cursor | |||
Apps | Risk impact | Risk likelihoood | Permissions |
Cute Food & Drinks Cursor | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Change My Cursor - better to avoid using an extension for this use case | 1 | 2 | None |
Use case : Find cheap flights | |||
Apps | Risk impact | Risk likelihood | Permissions |
shoopit - pay less for travel | 4 | 4 | Read and change all your data on all websites |
Alternatives to use: | |||
PlanMoreTrips - We Find The Cheapest Flights | 3 | 1 | Read and change all your data on a number of websites |
Use case : Sound equalizer | |||
Apps | Risk impact | Risk likelihood | Permissions |
Equalizer Professional | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Lookup meaning of words | |||
Apps | Risk impact | Risk likelihood | Permissions |
Dictionary - Synonyms, Definition, Translator | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Oxford Dictionary Lookup | 1 | 1 | None |
Use case : Create and edit PDFs | |||
Apps | Risk impact | Risk likelihood | Permissions |
PDF toolbox | 4 | 5 | Read and change all your data on all websites, Manage your downloads |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Save songs from vk | |||
Apps | Risk impact | Risk likelihood | Permissions |
Скачать музыку с ВК | 4 | 5 | Read and change all your data on all websites, Manage your downloads |
Alternatives to use: | |||
VK Music - audio saver (better to avoid any extensions for this use case) | 3 | 1 | Read and change all your data on VK.com |
Use case : Video Downloader | |||
Apps | Risk impact | Risk likelihood | Permissions |
Video Downloader Plus | 4 | 5 | removed from chrome |
Alternatives to use: | |||
no alternative - better avoid using an extension for this use case |
Use case : Change browser settings | |||
Apps | Risk impact | Risk likelihood | Permissions |
Microsoft Bing Homepage & Search for Chrome | 4 | 5 | Read and change all your data on all websites, Display notifications, Change your home page to:bing.com, Change your search settings to:bing.com, Change your start page to: bing.com |
Alternatives to use: | |||
no alternative - better change your browser settings yourself |
Use case : Save songs from vk | |||
Apps | Risk impact | Risk likelihood | Permissions |
Скачать музыку из ВК | 4 | 5 | Read and change all your data on all websites, Manage your downloads |
Alternatives to use: | |||
VK Music - audio saver (better to avoid any extensions for this use case) | 3 | 1 | Read and change all your data on VK.com |
Use case : Block dangerous sites | |||
Apps | Risk impact | Risk likelihood | Permissions |
Paranoid Web Extension | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - install a trusted Parental Control Software |
Use case : Increases volume | |||
Apps | Risk impact | Risk likelihood | Permissions |
Audio + Volume Booster & equalizer | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Screen recorder | |||
Apps | Risk impact | Risk likelihood | Permissions |
Scrcast screen recorder | 4 | 5 | Read and change all your data on all websites, Manage your downloads, Capture content of your screen |
Alternatives to use: | |||
Better to avoid using an extension for this use case - Use native Screenshot or QuickTime (Mac) or built-in Game bar |
Use case : Video downloader for OK.ru | |||
Apps | Risk impact | Risk likelihood | Permissions |
OK.ru Downloader (IDL Helper) | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Image search on AliExpress | |||
Apps | Risk impact | Risk likelihood | Permissions |
AliPrice Search by image for AE | 4 | 4 | Read and change all your data on all websites |
Alternatives to use: | |||
AliExpress Image Search | 3 | 1 | Read and change all your data on all aliexpress.com sites and shoppingcart.aliexpress.com |
Use case : Video downloader | |||
Apps | Risk impact | Risk likelihood | Permissions |
Video Downloader Wise | 4 | 5 | removed from chrome |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Emoji | |||
Apps | Risk impact | Risk likelihood | Permissions |
Emoji Keyboard- copy&past your emoji. | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Keyboard.cool - emoji & symbol keyboard | 1 | 1 | None |
Use case : Wallpapers | |||
Apps | Risk impact | Risk likelihood | Permissions |
MyStart Wallpapers New Tab Theme | 4 | 4 | Read and change all your data on all mystart.com websites. Replace the page you see when opening a new tab, Read your browsing history |
Alternatives to use: | |||
Nature Wallpapers HD video New Tab background (better to avoid any extensions for this use case) | 2 | 1 | Replace the page you see when opening a new tab, read a list of your most frequently visited sites. |
Use case : Reference | |||
Apps | Risk impact | Risk likelihood | Permissions |
PERRLA | 4 | 4 | Read and change all your data on a number of websites, Read your browsing history, Modify data you copy and paste |
Alternatives to use: | |||
no alternative - Consider using Google Scholar |
Use case : Translator | |||
Apps | Risk impact | Risk likelihood | Permissions |
Translator uLanguage - Translate, Dictionary | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Google Translate | 3 | 1 | Read and change all your data on all websites |
Use case : Find music | |||
Apps | Risk impact | Risk likelihood | Permissions |
Shazam: Identify songs from your browser | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Extension released recently, therefore there is not reputation info to correctly estimate likelihood. |
Use case : VPN | |||
Apps | Risk impact | Risk likelihood | Permissions |
Delta Free VPN | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Avoid free VPNs, research reputable VPN companies |
Use case : Translator | |||
Apps | Risk impact | Risk likelihood | Permissions |
Quick Translation | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Google Translate | 3 | 1 | Read and change all your data on all websites |
Use case : Refresh tabs | |||
Apps | Risk impact | Risk likelihood | Permissions |
Maxi Refresher | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Tab Auto Refresh - better avoid using an extension for this use case | 1 | 2 | None |
Use case : Screen recorder | |||
Apps | Risk impact | Risk likelihood | Permissions |
Screen Recorder & Editor for Chrome | 4 | 5 | Read and change all your data on all websites, Capture content of your screen |
Alternatives to use: | |||
Better to avoid using an extension for this use case - Use native Screenshot or QuickTime (Mac) or built-in Game bar |
Use case : Watch videos in a floating window | |||
Apps | Risk impact | Risk likelihood | Permissions |
Picture-in-Picture with Playback Controls | 4 | 4 | Read and change all your data on all websites |
Alternatives to use: | |||
Picture-in-Picture Extension (by Google) | 3 | 1 | Read and change all your data on all websites |
Use case : Refresh tabs | |||
Apps | Risk impact | Risk likelihood | Permissions |
Page Auto Refresh | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Tab Auto Refresh - (better to avoid any extensions for this use case) | 1 | 2 | None |
Use case : Refresh tabs | |||
Apps | Risk impact | Risk likelihood | Permissions |
Super Simple Auto Refresh | 4 | 5 | Read and change all your data on all websites, Display notifications |
Alternatives to use: | |||
Tab Auto Refresh - (better to avoid any extensions for this use case) | 1 | 2 | None |
Use case : Extract leads from LinkedIn | |||
Apps | Risk impact | Risk likelihood | Permissions |
LinkedRadar - LinkedIn Auto Connect Tool | 4 | 5 | Read and change all your data on all linkedin.com sites and all linkedradar.com sites, Read your browsing history |
Alternatives to use: | |||
Kendo-Linkedin Email Finder | 3 | 2 | Read and change all your data on all linkedin.com sites and historykendoemailapp.com |
Use case : Refresh tabs | |||
Apps | Risk impact | Risk likelihood | Permissions |
Auto Refresh Page | 4 | 5 | Read and change all your data on all websites, Display notifications |
Alternatives to use: | |||
Tab Auto Refresh - (better to avoid any extensions for this use case) | 1 | 2 | None |
Use case : Translator | |||
Apps | Risk impact | Risk likelihood | Permissions |
Ichigo Reader🍓: Translate Manga | 4 | 5 | Read and change all your data on all websites, Manage your downloads |
Alternatives to use: | |||
Google Translate | 3 | 1 | Read and change all your data on all websites |
Use case : Watch videos in a floating window | |||
Apps | Risk impact | Risk likelihood | Permissions |
Picture-in-Picture - (Floating Video) | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Picture-in-Picture Extension (by Google) | 3 | 1 | Read and change all your data on all websites |
Use case : Extract leads from Google maps | |||
Apps | Risk impact | Risk likelihood | Permissions |
Presto OSM lead extractor | 4 | 4 | Read and change all your data on all websites |
Alternatives to use: | |||
G-Recorder | 3 | 2 | Read and change all your data on www.google.com, Manage your downloads |
Use case : Extract leads from LinkedIn | |||
Apps | Risk impact | Risk likelihood | Permissions |
ShopifyHunt - Shopify store parser & spy | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Kendo-Linkedin Email Finder | 3 | 2 | Read and change all your data on all Linkedin.com sites and kendoemailapp.com |
Use case : Watch videos in a floating window | |||
Apps | Risk impact | Risk likelihood | Permissions |
Smooth Picture in picture | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Picture-in-Picture Extension (by Google) | 3 | 1 | Read and change all your data on all websites |
Use case : Browser game | |||
Apps | Risk impact | Risk likelihood | Permissions |
Flappy Bird Purple | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Flappy Bird Offline | 1 | 1 | None |
Use case : Watch videos in a floating window | |||
Apps | Risk impact | Risk likelihood | Permissions |
Simple PIP | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Picture-in-Picture Extension (by Google) | 3 | 1 | Read and change all your data on all websites |
Use case : Increases volume | |||
Apps | Risk impact | Risk likelihood | Permissions |
Nice Volume Booster | 4 | 5 | removed from chrome |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case - use the built-in Sound control in the menu bar or Control Center (Mac) or Hardware and Sound section in your Control Panel (Windows) |
Use case : Translator | |||
Apps | Risk impact | Risk likelihood | Permissions |
Web Translator - Select to Translate | 4 | 5 | Read and change all your data on all websites, Display notifications |
Alternatives to use: | |||
Google Translate | 3 | 1 | Read and change all your data on all websites |
Use case : Refresh tabs | |||
Apps | Risk impact | Risk likelihood | Permissions |
Refresh Page - Auto tab refresh | 4 | 5 | Read and change all your data on all websites, Display notifications |
Alternatives to use: | |||
Tab Auto Refresh - better to avoid any extensions for this use case. Multiple tabs can be refreshed by selecting multiple tabs (hold SHIFT) and pressing CTRL + R (on Windows) | 1 | 2 | None |
Use case : Watch videos in a floating window | |||
Apps | Risk impact | Risk likelihood | Permissions |
Easy PiP | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
Picture-in-Picture Extension (by Google) | 3 | 1 | Read and change all your data on all websites |
Use case : Increases volume | |||
Apps | Risk impact | Risk likelihood | Permissions |
Volume Amplifier | 4 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Increases volume | |||
Apps | Risk impact | Risk likelihood | Permissions |
Volume Booster | 5 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : Increases volume | |||
Apps | Risk impact | Risk likelihood | Permissions |
Volume Booster 2022 - It's your sound control | 5 | 5 | Read and change all your data on all websites |
Alternatives to use: | |||
no alternative - better to avoid using an extension for this use case |
Use case : VPN | |||
Apps | Risk impact | Risk likelihood | Permissions |
Troywell VPN Pro - Fast and secure VPN | 5 | 5 | Read and change all your data on all websites, Display notifications, Manage your apps, extensions, and themes, Change your privacy-related settings |
Alternatives to use: | |||
Avoid free VPNs, research reputable VPN companies |
Use case : Screen recorder | |||
Apps | Risk impact | Risk likelihood | Permissions |
Screen Recorder | 5 | 5 | Read and change all your data on all websites, Capture content of your screen, Manage your downloads, Know your email address |
Alternatives to use: | |||
Better to avoid using an extension for this use case - Use native Screenshot or QuickTime (Mac) or built-in Game bar |
Use case : Replace your New Tab Page with a personal dashboard | |||
Apps | Risk impact | Risk likelihood | Permissions |
Home - New Tab Page | 5 | 5 | Read and change all your data on all websites, Replace the page you see when opening a new tab, Display notifications, Read and change your bookmarks, Manage your apps, extensions, and themes |
Alternatives to use: | |||
New tab page by start.me | 2 | 1 | Read and change all your data on start.me, Replace the page you see when opening a new tab |
Next steps
Chrome extensions aren’t the only or even the worst offenders when it comes to your personal information getting into the wrong hands. Companies called data brokers specialize in gathering, compiling, and selling your information to anyone who’s willing to pay. Luckily, the presence of state data privacy laws means that you can opt out of each individual data broker, like Fast People Search, Fast Background Check, Nuwber, Innovis, Instantcheckmate, Clustrmaps, or Whitepages. Cybercriminals get their hands on your personal data and devise scams to get money or more valuable information from you, or both. Removing yourself from the internet is the nuclear option, but you need not go off-grid to make a real impact.