A new 2025 Enterprise Browser Extension Security Report uniquely combines data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector.

Extensive Permissions to Sensitive Data: 53% of extensions installed in enterprise environments have 'high' or 'critical' risk permissions, allowing access to sensitive data like cookies, passwords, browsing history, and webpage contents.

LayerX is hosting a webinar to discuss key findings from the Enterprise Browser Extension Security Report 2025.

GenAI Extensions, the Hidden Threat: Over 20% of enterprise employees use GenAI extensions, with 58% of these holding 'high' or 'critical' permissions, creating significant risk.

Security analysis: Enterprises must implement strict policies on GenAI extension usage and data handling.

Security analysis: Trust verification for extensions is highly difficult, increasing the likelihood of malicious activity.

Extensions are Ubiquitous but Dangerous: 99% of enterprise users have browser extensions installed, with 52% running more than ten extensions, significantly broadening the threat surface.

Untrusted Extension Publishers: 54% of extensions are published anonymously via Gmail accounts, with 79% from publishers who have released only one extension, making trust assessment extremely challenging.

Security analysis: One compromised extension can put the entire organization at risk.

Browser extensions have become deeply embedded in employees' daily workflows, aiding tasks from grammar checking to discount hunting.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 12 May 2025 14:39:53 +0000