Researchers have made a discovery that raises troubling questions about the trustworthiness of third-party extensions Google makes available for its Chrome browser—a plugin with more than 1.2 million downloads that vacuumed up users' browsing habits and used them for marketing purposes.
The extension was known as Webpage Screenshot, and until Tuesday it was available in Google's official Chrome store. It boasted more than 1.2 million downloads and garnered an overall rating of 4.5 stars out of a possible 5. But according to a blog post published Wednesday by researchers at Danish firm Heimdal Security, the Chrome plugin collected users' browsing habits behind the scenes. The snooping was made harder to detect because Webpage Screenshot didn't start collecting the data until a week after the extension was installed.
In fairness to the company that produced Webpage Screenshot, the extension's terms of service disclosed that it collected a wealth of potentially sensitive user data. Data that was fair game included IP addresses, operating systems, browser information, URLs visited, data from URLs loaded and pages viewed, search queries entered, social connections, profile properties, contact details, and usage data, along with other behavioral, software and hardware information and unique mobile device identifiers.