Everyone is aware of browser extensions are embedded into practically each person’s each day workflow, from spell checkers to GenAI instruments. What most IT and safety folks do not know is that browser extensions’ extreme permissions are a rising threat to organizations.
LayerX in the present day introduced the discharge of the Enterprise Browser Extension Security Report 2025, This report is the primary and solely report back to merge public extension market statistics with real-world enterprise utilization telemetry. By doing so, it sheds mild on one of the underestimated menace surfaces in fashionable cybersecurity: browser extensions.
The report reveals a number of findings that IT and safety leaders will discover fascinating, as they construct their plans for H2 2025. This contains data and evaluation on what number of extensions have dangerous permissions, which sorts of permissions are given, if extension builders are to be trusted, and extra. Beneath, we deliver key statistics from the report.
Highlights from the Enterprise Browser Extension Safety Report 2025
1. Browser extensions are ubiquitous in enterprise environments. 99%, practically all, of workers, have browser extensions put in. 52% have greater than 10 extensions put in.
Safety evaluation: Practically all workers are uncovered to browser extension threat.
2. Most extensions can entry vital information. 53% of enterprise customers’ extensions can entry delicate information like cookies, passwords, internet web page contents, looking data, and extra.
Safety evaluation: An employee-level compromise might jeopardize all the group.
3. Who publishes these extensions? Who is aware of? Greater than half (54%) of extension publishers are unknown and solely recognized through Gmail. 79% of publishers solely revealed one extension.
Safety evaluation: Monitoring the reputability of extensions is tough, if attainable in any respect with IT sources.
4. GenAI extensions are a rising menace. Over 20% of customers have at the very least one GenAI extension, and 58% of those have high-risk permission scopes.
Safety evaluation: Enterprises ought to outline clear insurance policies for GenAI extension use and information sharing.
5. Unmaintained and unknown browser extensions are a rising concern. 51% of extensions have not been up to date in over a yr, and 26% of enterprise extensions are sideloaded, bypassing even fundamental retailer vetting.
Safety evaluation: Extensions will be weak even when they are not purposefully malicious.
5 Suggestions for Safety and IT
The report not solely brings information, it additionally supplies actionable steerage for safety and IT groups, recommending how one can take care of the browser extension menace.
Here is what LayerX advises organizations:
- Audit all extensions – A full image of extensions is the muse for understanding the menace floor. Due to this fact, step one in securing in opposition to malicious browser extensions is to audit all extensions in use by workers.
- Categorize extensions – Sure forms of extensions that make them interesting to assault. This may be attributable to their broad person base (corresponding to GenAI extensions) or due to the permissions granted to such extensions. Categorizing extensions might help assess the browser extension safety posture.
- Enumerate extension permissions – The following step is to listing the data extensions can entry. This helps additional map the assault floor and configure insurance policies in a while.
- Assess extension threat – Now it is time for threat administration. This implies assessing the chance for every extension based mostly on their permissions and the data they will entry. As well as, a holistic threat evaluation contains exterior parameters corresponding to popularity, reputation, writer, and set up technique. Collectively, these parameters ought to be mixed right into a unified threat rating.
- Apply adaptive, risk-based enforcement – Lastly, organizations can use their evaluation to use adaptive, risk-based enforcement insurance policies tailor-made to their makes use of, wants, and threat profile.
Entry the Report
Browser extensions are usually not only a productiveness software, they’re an assault vector most organizations have no idea exists. LayerX’s 2025 report supplies complete findings and data-driven evaluation to assist CISOs and safety groups rein on this threat and construct defensible browser environments.
Source link