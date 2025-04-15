Browser extensions leave enterprises open to attack


Despite being present on virtually every employee's browser, extensions and plug-ins are rarely monitored by security teams or controlled by IT, and a new report shows that this could be leaving enterprises at risk.

The study from LayerX Security combines real-life usage statistics from enterprise users with data available from public extension stores to reveal how organizations and employees interact with extensions, the associated risks and security blind spots.

The report finds that 99 percent of enterprise users have at least one browser extension installed. More than half (53 percent) have over 10 extensions installed in their browsers. This widespread usage means almost every employee represents a potential attack vector.

More worrying is that 53 percent of enterprise users have installed extensions with 'high' or 'critical' permission scopes. These extensions can access cookies, passwords, browsing data and more, meaning that enterprise users are at a higher risk of exposure.

Over 20 percent of enterprise users have a GenAI-enabled browser extension installed. These can bypass corporate GenAI access controls and gain privileged access to sensitive data at twice the rate of other extensions. 58 percent of these GenAI extensions have 'high' or 'critical' permissions, such as cookies, identities or scripting, which is twice the average rate of all other extensions and makes them a particularly large risk.

"Browser extensions have quietly become one of the most overlooked threat surfaces in enterprise environments," says Or Eshed, CEO and co-founder of LayerX Security. "Our latest report shows that extensions are not only everywhere in the enterprise, they're also highly privileged, largely unvetted and often tied to anonymous publishers, posing a risk to security leaders that they can no longer afford to ignore."

Part of the problem is that many extensions don't get updated. 51 percent of all extensions haven’t received updates in over a year. Of those, 25 percent are published by developers identified only by a free webmail account, raising the possibility that these are 'hobbyist' extensions that have been abandoned.

How far an organization can trust an extension often depends on the reputation of the extension publisher. However, 54 percent of extension publishers use a free webmail account, and 79 percent have only published a single extension. Also, 22 percent of extensions are less than six months old. With little to no information available to establish a publisher's credibility, judging the trustworthiness of extensions is virtually impossible.

You can get the full report, which includes recommendations for keeping the organization secure, from the LayerX site.
