Your Google Chrome extensions may be stealing your data.

There used to be a time when online data theft was just a term people used to scare young children. Like the Boogeyman, or the Karanguni-man. Nowadays, having your data stolen is a very real and serious thing. It seems that not even Google Chrome is exempt from this.

We already knew that Twitter’s not deleting all the DMs you think you’ve deleted. Now we find out that Google Chrome has a massive security flaw when it comes to extensions.

First off, if you’re using a vanilla version of Google Chrome, congratulations! You’re safe from this particular pitfall. If you have even ONE extension enabled, you’ll definitely want to check to see if it’s as benign as you think it is.

New data from security firm Duo Security shows that about 85% of Google Chrome’s extensions don’t have a privacy policy. That means the people behind them can have access to your data and you can’t do anything to stop them.

Here’s some scary numbers that Duo found out in the course of their research.

A whopping 35% of them can tell which site you’re on at the moment. Your browsing habits aren’t as safe as you thought, and not even erasing your browser’s history and cookies won’t help.

Even scarier, 32% of apps and extensions for Google Chrome are built via third party tools that are known to have been hacked. That means even if the developers are nice enough not to peer into what you’re doing, hackers can STILL get to your data by exploiting the tools’ vulnerabilities.

Thankfully, there’s a way to check out which apps and extensions are putting you at risk. All you need to go is head to this site, and search for the app you’re using to see if it’s a risk or relatively safe to use.

If you’re interested in reading more about what Duo Security found out, you can check out their blog for the full nitty gritty.