In a recent study conducted by data privacy provider Incogni, alarming findings about the privacy risks associated with AI-powered Google Chrome browser extensions have been revealed. The report, titled “Ranking AI-Powered Chrome Extensions by Privacy Risk in 2025,” sheds light on the fact that a significant majority of analyzed extensions collect user data, with over a third of them collecting personally identifiable information (PII) such as credit card numbers, passwords, and location data. This poses a serious threat to the privacy and security of users, potentially exposing them to identity theft and cybersecurity risks.
As the use of browser extensions continues to become more prevalent in everyday life, with tools like Grammarly and Vetted gaining popularity for their convenience, many users place their trust in Google’s ecosystem assuming that extensions available on the Chrome Web Store are safe. However, recent incidents of Chrome extension hacks have shown that these extensions are not immune to data breaches, with over 35 compromised extensions affecting millions of users.
To evaluate the privacy risks posed by AI-powered Chrome extensions, researchers at Incogni examined the permissions of 238 extensions with a substantial user base, as well as the data collection practices disclosed by their publishers. This analysis led to the creation of a ranking system that categorizes extensions based on the level of risk they present to user privacy.
The report highlights several key findings:
– 67% of the analyzed extensions were found to collect user data.
– 41% of extensions collect PII, with a significant portion of them falling into categories that pose a high risk to user privacy.
– 41% of extensions were classified as having a high risk impact, meaning they have the potential to cause severe harm to users, such as injecting code into websites or accessing all pages visited by the user.
– A considerable number of extensions require sensitive permissions that grant access to personal data like passwords, browsing history, and financial information.
Some of the most popular extensions, including DeepL, Grammarly, and Sider, were identified as being among the most privacy-invasive, with a high risk impact on user privacy.
While some data collection practices may seem benign on the surface, the report emphasizes the sensitivity of certain types of information, such as user activity, which can encompass a wide range of personal and sensitive data. The analysis also delves into the most privacy-invasive extension categories and titles, revealing the extent of the risks associated with using certain AI-powered extensions.
In light of these findings, Darius Belejevas, head of Incogni, urges consumers to exercise caution when using AI-powered browser extensions and to consider the potential risks before installing them. With cyber threats on the rise, it is crucial for users to prioritize their privacy and opt for more secure and privacy-friendly extension options.
The full report, “Ranking AI-Powered Chrome Extensions by Privacy Risk in 2025,” is available for download on the Incogni blog. Incogni, as a data privacy advocate, aims to empower users to take control of their data and protect themselves from potential cyber threats by providing a user-friendly solution for removing personal information from various sources.
As the landscape of online privacy continues to evolve, it is essential for users to stay informed and vigilant about the risks associated with using AI-powered browser extensions. By making informed choices and prioritizing their privacy, consumers can mitigate the potential dangers posed by data collection practices of certain extensions.