A new privacy report reveals that popular AI-powered Chrome extensions may pose serious privacy risks by collecting extensive user data and requesting deep browser access.
The study was conducted by Incogni, a firm that offers privacy services, and it involved an examination of 442 AI-powered Google Chrome extensions in preparation for its 2026 report on privacy risk. The study was conducted in eight categories, including permission, data collection, and security risk.
The report noted that every extension was granted a level of access to the browser. For instance, many extensions were able to read content on a website, monitor activity in a tab, or run scripts on live web pages. This means that extensions have the ability to access emails, work platforms, cloud services, and user dashboards without the user’s knowledge.
The report noted that 52% of the extensions were collecting user data. This included communications, web activity, and location. One of the most alarming of these permissions was the ability for extensions to run scripts on a website, as well as access user input.
Among the most downloaded tools, Grammarly and QuillBot were the extensions with the greatest potential to impact privacy. The tools collected multiple types of data, requiring permission to interact with browser content on a deep level.
Incogni Head of Research Darius Belejevas said that the tools analysed, such as Grammarly and QuillBot, indicate a low probability of malicious activity. However, the number of users accessing these tools, combined with the overall number of users, creates a high overall risk. This is particularly concerning since most users do not realise the level of control they are giving away when installing AI extensions.”
Programming tools and mathematical tools were the ones with the greatest average level of privacy risk, as they interact with sensitive environments such as code repositories and cloud platforms. Meeting assistants and audio transcription tools followed closely.