"Browsing history data - a record of websites visited - reveals potentially sensitive information about people's activities and interests. Though it may be anonymized, academics have shown [PDF] that you can often trace it back to individuals using public social media profiles. The sharing of browsing history data thus erodes personal privacy, though at least some of the info harvesting the researcher detected is disclosed in privacy policies."
"Indeed, it was only two months ago that we reported on how several ad blocking and VPN extensions in the Chrome Web Store were spotted capturing chatbot conversations. And in March 2025, we discussed research showing that generative AI extensions were found to be capturing and sharing sensitive user data. Also, as we've noted, developers of popular Chrome extensions face constant solicitations to sell out to buyers interested in inserting data gathering scripts."
287 Chrome extensions collect and exfiltrate browsing history, affecting approximately 37.4 million installations. Browsing histories reveal websites visited and can expose sensitive activities and interests; anonymized records can often be reidentified using public social media profiles. Some extensions disclose data harvesting in their privacy policies, but many users likely do not appreciate that those policies permit collection. Similar behaviors have been observed recently, including extensions capturing chatbot conversations and generative AI extensions sharing sensitive inputs. Developers of popular extensions face offers from buyers to insert data‑gathering scripts. Data brokers such as Similarweb and Alexa continue to aggregate and monetize browsing data.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]