In today’s digital world, browser extensions have become integral tools in enhancing productivity, from spell checkers and ad blockers to GenAI-driven tools. However, the convenience these extensions offer often comes with significant hidden risks, especially in enterprise environments. A recent report by LayerX, the Enterprise Browser Extension Security Report 2025, sheds light on a rising security threat that many IT and security professionals have yet to fully comprehend. By merging statistics from public extension marketplaces with real-world enterprise usage data, the report exposes the growing dangers that browser extensions pose to organizations. Here’s a breakdown of the key findings from the report, and a closer look at how enterprises can mitigate these risks.
Key Findings from the LayerX 2025 Report
1. Browser Extensions are Ubiquitous in Enterprises
- 99% of employees in organizations have browser extensions installed, with 52% of employees using more than 10 extensions.
- Security Analysis: Nearly all employees are exposed to potential security risks from these extensions.
2. Critical Data Access is Widespread
- 53% of extensions used by enterprise employees have access to sensitive data, such as cookies, passwords, web page contents, and browsing information.
- Security Analysis: A single employee-level compromise could endanger the entire organization.
3. Unknown Extension Publishers
- Over half (54%) of browser extension publishers are unidentified, often only traceable to a Gmail account. Additionally, 79% of these publishers have only released a single extension.
- Security Analysis:
4. GenAI Extensions Are a Growing Threat
- More than 20% of employees are using GenAI-based extensions, and 58% of these have high-risk permissions.
- Security Analysis: Enterprises must establish clear policies regarding the use and data sharing of GenAI extensions to avoid potential breaches.
5. Unmaintained and Sideloaded Extensions Pose a Risk
- 51% of browser extensions have not been updated for over a year, and 26% of enterprise extensions are sideloaded, bypassing basic vetting processes from official extension stores.
- Security Analysis: Extensions can become vulnerable over time, even if they are not inherently malicious.
What Undercode Says:
The growing trend of browser extensions in enterprise environments has been largely overlooked in cybersecurity discussions. While extensions can enhance productivity, they also introduce numerous vulnerabilities, especially when permissions are excessive or poorly managed. LayerX’s report highlights the sheer scale of this issue: nearly all employees are interacting with extensions that could compromise sensitive organizational data. A staggering 53% of these extensions can access critical data, making them prime targets for cybercriminals.
The biggest challenge lies in the lack of transparency around extension publishers. With more than half of extension developers operating under pseudonyms (often identified only through Gmail accounts), tracking the legitimacy and trustworthiness of these extensions becomes nearly impossible. This opens the door for malicious extensions to slip through the cracks, exploiting their access to sensitive information.
Another concerning trend identified in the report is the rise of GenAI extensions, which have become increasingly popular but also introduce significant security risks. With 58% of these extensions carrying high-risk permissions, enterprises need to establish clear usage policies and ensure their employees are aware of the potential dangers posed by these tools.
The issue of unmaintained and sideloaded extensions is equally alarming. Extensions that are no longer updated pose an easy target for attackers looking to exploit outdated code. Sideloaded extensions bypass official vetting processes, making them even more difficult to track and assess for potential vulnerabilities.
LayerX’s report emphasizes the need for organizations to adopt a proactive approach to browser extension security. The first step is to conduct a comprehensive audit of all extensions currently in use. By categorizing these extensions and enumerating their permissions, IT teams can begin to assess the associated risks. A thorough risk assessment should take into account not just the extension’s permissions, but also factors like the publisher’s reputation and the method of installation.
Once risks have been assessed, organizations should implement adaptive, risk-based enforcement policies to mitigate potential threats. These policies can be tailored to the specific needs and risk profiles of individual organizations, ensuring that resources are allocated effectively to address the most pressing threats.
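The audit and risk-tiering steps above, sketched as an added example (not code from the LayerX report or the original article). It enumerates permissions from Chrome-style extension manifests and combines them with publisher, install-method and update-age signals. The inventory field names, weights and tier thresholds are assumptions chosen for illustration.

```python
from datetime import date

# Illustrative weights for manifest permissions that reach the data the report
# names (cookies, page contents, browsing information). Assumed, not LayerX's.
SENSITIVE = {"cookies": 3, "webRequest": 3, "scripting": 3, "debugger": 4,
             "history": 2, "tabs": 2, "clipboardRead": 2, "nativeMessaging": 3}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def enumerate_permissions(manifest):
    """Collect API and host permissions from an MV2 or MV3 manifest dict."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        perms.update(script.get("matches", []))
    return perms

def assess(record, today):
    """Return (score, tier, reasons) for one inventory record."""
    perms = enumerate_permissions(record["manifest"])
    findings = [(SENSITIVE[p], f"sensitive permission: {p}")
                for p in sorted(perms.intersection(SENSITIVE))]
    if perms & BROAD_HOSTS:
        findings.append((3, "access to all sites"))
    if not record["publisher_verified"]:
        findings.append((2, "unidentified publisher"))
    if record["sideloaded"]:
        findings.append((3, "sideloaded, no store vetting"))
    if (today - record["last_updated"]).days > 365:
        findings.append((2, "no update in over a year"))
    score = sum(weight for weight, _ in findings)
    tier = "block" if score >= 9 else "review" if score >= 4 else "allow"
    return score, tier, [reason for _, reason in findings]

# Constructed inventory records; names and field names are hypothetical.
INVENTORY = [
    {"name": "Spell Helper", "publisher_verified": True, "sideloaded": False,
     "last_updated": date(2025, 1, 10),
     "manifest": {"manifest_version": 3, "permissions": ["storage", "activeTab"]}},
    {"name": "AI Page Summarizer", "publisher_verified": False, "sideloaded": True,
     "last_updated": date(2023, 6, 1),
     "manifest": {"manifest_version": 3, "host_permissions": ["<all_urls>"],
                  "permissions": ["cookies", "scripting", "tabs"]}},
]

def audit(inventory, today=date(2025, 4, 15)):
    """Rank extensions from highest to lowest risk score."""
    rows = [(r["name"], *assess(r, today)) for r in inventory]
    return sorted(rows, key=lambda row: row[1], reverse=True)
```

Each returned row carries the reasons behind its tier, so a reviewer can see which factor (permissions, publisher, install method or update age) drove the decision before enforcing it.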
Fact Checker Results
- The data presented in the LayerX report is consistent with known trends in cybersecurity, especially concerning the use of third-party software and extensions in enterprise environments.
- The statistics regarding unmaintained and sideloaded extensions reflect a growing concern among security professionals about the lack of oversight in these areas.
- The findings regarding GenAI extensions align with current discussions about the risks posed by artificial intelligence tools, especially when they are granted excessive permissions.
By focusing on these risks and following the actionable recommendations provided, organizations can better protect themselves from the often-overlooked threat of browser extensions.
References:
Reported By: thehackernews.com