A new security report has revealed that dozens of popular browser extensions are quietly collecting and selling user data, and in many cases, doing so completely legally.
The findings highlight a growing privacy risk inside modern web browsers, where extensions are often trusted tools but operate with deep access to user activity.
Millions of Users Affected
According to research highlighted by Infosecurity Magazine and a detailed analysis by LayerX Security, more than 80 browser extensions with millions of combined users are involved in data collection and sharing practices.
Many of these extensions appear harmless, offering features like productivity tools, ad blocking, or AI assistance.
Behind the scenes, however, they may be collecting:
- Browsing history
- Visited URLs
- Cookies and session data
- Search activity
This information can then be shared or sold to third parties, including advertisers and data brokers.
The Legal Loophole
One of the most concerning aspects of the report is that these practices are often legal.
Many extensions disclose data collection in their privacy policies, which users typically accept without reading.
This creates a situation where large-scale data harvesting happens in plain sight, but without meaningful user awareness.
In other words, the issue is not always malware, it is legal surveillance.
Hidden Risks Inside Extensions
Browser extensions are powerful by design. Once installed, they can interact with webpages, read content, and sometimes modify what users see.
The LayerX report found that many extensions request extensive permissions that go far beyond their advertised functionality.
Some extensions:
- Operate with broad access to all websites
- Collect sensitive data in the background
- Transmit information to external servers
In some cases, extensions can even expose authentication tokens or session data, increasing the risk of account compromise.
Why This Matters for Privacy Users
Extensions are often seen as lightweight add-ons, but they can have the same level of access as full applications.
This makes them a high-risk vector for tracking and data collection, especially when installed in large numbers across multiple devices.
For privacy-focused users, this creates several concerns:
- Continuous monitoring of browsing behavior
- Data aggregation across services
- Increased exposure to third-party tracking
- Difficulty auditing extension behavior
The Bigger Picture
The report underscores a broader issue in the modern web ecosystem: convenience tools often come at the cost of user data.
While browser vendors have introduced permission systems and review processes, the scale of extension ecosystems makes full oversight difficult.
As a result, users are left to trust developers, or unknowingly trade their data for functionality.
What Users Can Do
Reducing extension risk starts with minimizing the number of installed add-ons and reviewing their permissions carefully.
- Remove unused extensions
- Install only from trusted developers
- Check permissions before installing
- Prefer open-source and privacy-focused tools
In many cases, fewer extensions means significantly lower exposure.
Source
This article was written by DigitalEscapeTools based on security research and public reporting from Infosecurity Magazine and LayerX Security.
