ACCORDING to LayerX Security, dozens of widely used browser extensions have been collecting and selling user data with explicit disclosure in their privacy policies. The study identified more than 80 extensions that reserve the right to sell user data, spanning streaming, ad blocking and productivity tools with millions of combined installations.
It also claimed that 71% of Chrome Web Store extensions do not publish a privacy policy, leaving over 73% of users with at least one installed extension offering no visibility into how their data is handled. From an initial dataset of roughly 9000 extensions, researchers analysed 6666 privacy policies and confirmed 82 extensions engaged in commercial data sharing after manual review.
One network of 24 media extensions, including Netflix, Hulu, Disney+, Amazon Prime Video and HBO Max, reached about 800,000 users, collecting viewing behaviour, preferences and demographic data for third parties. Additionally, at least 12 ad blockers with a combined user base exceeding 5.5 million were found to sell or share browsing data, with some collecting detailed behavioural information. Corporate environments were noted to be affected, with 29 business-focused extensions gathering data from enterprise systems.