Original Article Text


Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals

Browser extensions have become deeply embedded in employees' daily workflows, aiding tasks from grammar checking to discount hunting. Yet their extensive permissions create significant security risks that go largely unnoticed by IT and security teams. The new 2025 Enterprise Browser Extension Security Report uniquely combines data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector.

LayerX is hosting a webinar to discuss key findings from the Enterprise Browser Extension Security Report 2025 and share actionable insights for mitigating browser extension risks.

Key Findings from the Report

1. Extensions are Ubiquitous but Dangerous: 99% of enterprise users have browser extensions installed, with 52% running more than ten extensions, significantly broadening the threat surface. Security analysis: Nearly every employee could potentially compromise organizational security.

2. Extensive Permissions to Sensitive Data: 53% of extensions installed in enterprise environments have 'high' or 'critical' risk permissions, allowing access to sensitive data like cookies, passwords, browsing history, and webpage contents. Security analysis: One compromised extension can put the entire organization at risk.

3. GenAI Extensions, The Hidden Threat: Over 20% of enterprise employees use GenAI extensions, with 58% of these holding 'high' or 'critical' permissions, creating significant risk. Security analysis: Enterprises must implement strict policies on GenAI extension usage and data handling.

4. Untrusted Extension Publishers: 54% of extensions are published anonymously via Gmail accounts, with 79% from publishers who have released only one extension, making trust assessment extremely challenging. Security analysis: Trust verification for extensions is highly difficult, increasing the likelihood of malicious activity.

5. Abandoned and Outdated Extensions: 51% of extensions haven't received updates in over a year, while 26% of enterprise extensions are sideloaded, bypassing security vetting. Security analysis: Outdated or unmanaged extensions significantly raise security risks due to potential vulnerabilities.

Recommendations for Security and IT Teams: Download the full report to understand the complete security implications and strategies for managing browser extensions securely.

Sponsored and written by LayerX.

Daily Brief Summary

CYBERCRIME // Report Uncovers High Security Risks in Enterprise Browser Extensions

The 2025 Enterprise Browser Extension Security Report highlights a significant but overlooked threat vector in browser extensions widely used in business environments.

99% of enterprise users have browser extensions installed, with over half using more than ten, expanding the potential for security breaches.

More than half of these extensions access sensitive data under 'high' or 'critical' risk permissions, exposing organizations to data theft and other cyber threats.

A significant 20% of employees use GenAI extensions, with a majority categorized under high-risk permissions, necessitating stringent control measures.

A large portion of extensions is published anonymously or by first-time publishers, complicating the verification of trust and increasing exposure to malicious activity.

Many extensions are outdated or not regularly updated, and some are sideloaded, bypassing standard security checks and further intensifying security risks.

LayerX advises strict policies for managing browser extension usage and highlights actionable insights to mitigate risks during their upcoming webinar.