High-Risk AI Chrome Extensions Threaten User Cybersecurity

According to a new report by Incogni, more than two-thirds of artificial intelligence (AI)-powered extensions for the Google Chrome browser have a high-risk impact and could be “highly damaging” to user cybersecurity if compromised.

The August report analyzed seventy AI Chrome extensions across seven distinct categories, including ten writing extensions that all ranked as high-risk.

48 of 70 extensions fell into the high-risk impact category if they were beached, but 60% of the extensions were low-risk to encounter a security breach to begin with.

Image source: Incognito data report: “AI Chrome extensions: convenience vs privacy and security”

The CEO of Incogni, Darius Belejevas, stated that while these extensions provide “undeniable convenience,” users should prioritize privacy and security.

“Understanding the data [users] share with extensions and their reliability in keeping it safe is crucial.”

59% of the extensions analyzed captured user data, with 44% of these extensions collecting “personally identifiable information” (PII).

The user’s name, address, and identification number are examples of PII. “By exercising caution when selecting AI Chrome extensions and remaining informed about their potential risks,” he said, “users can enjoy the benefits of AI while protecting their private data.”

Alongside the rapid rise of accessible AI applications, privacy and the collection and mismanagement of user data have become significant concerns.

Google altered its privacy policies in June to permit data harvesting to train its AI systems.

However, it was immediately greeted with a class-action lawsuit alleging that the new changes violated privacy and property rights.

Worldcoin, the decentralized protocol for digital identity verification, is one of the recent industry developments that has prompted concerns over the management of user data.

It has prompted global regulators to investigate the operation of the protocol.

On the contrary, the Indian government passed a measure through the lower house of parliament on August 7 that would relax data compliance regulations for big tech companies such as Google and Meta.