Why it matters: Many users only consider their web browser itself when assessing online security but as Duo recently highlighted, it's just as important to examine your use of extensions as they can just as easily serve as gateways for malicious activity.
With a market share north of 61 percent according to StatCounter, Google's Chrome is far and away the most popular web browser out there. Odds are, you're probably using it to read this right now and if I were a betting man, I'd wager that you also probably have some extensions installed.
Google has worked tirelessly to ensure a secure experience with Chrome but its safeguards don't necessarily extend to extensions as one security firm has discovered.
Duo Labs recently announced the public beta of CRXcavator, a free service that analyzes and produces comprehensive security reports on Chrome extensions.
Curious as to the state of the ecosystem, Duo in January discovered and processed 120,463 extensions and apps using its new tool. Of those, 38,289 (31.8 percent) were found to be utilizing third-party libraries that contain publicly known vulnerabilities. More than a third of extensions (35.4 percent) can read your data on any site, Duo said.
Furthermore, the team found that 102,029 extensions (84.7 percent) do not have a privacy policy listed and 93,080 (77.3 percent) do not reference a support site.
