LayerX Security released its Enterprise Browser Extension Security Report 2025, the only
research that combines real-life usage statistics from enterprise users, collected from
LayerX's customer base, with public data from the extension stores, analyzed for the
first time to reveal how organizations and employees interact with extensions, the
associated risks and the resulting security blind spots.
Despite being present on virtually every employee's browser, extensions are rarely
monitored by security teams or controlled by IT. Drawing from tens of thousands of real
enterprise users, the report breaks down how risky extensions gain access to sensitive
data, where they come from and why most organizations have no effective way of managing
them.
Key findings:
- Browser Extensions Are Everywhere:
99% of enterprise users have at least one browser extension installed.
More than half (53%) have over 10 extensions installed in their browsers.
This widespread usage means almost every employee represents a potential
attack vector.
- Most Extensions Have Access to Sensitive Data:
53% of enterprise users have installed extensions with "high" or
"critical" permission scopes. These extensions can access cookies,
passwords, browsing data and more, putting those users at a higher risk of
exposure.
- GenAI Browser Extensions Are a Hidden Risk:
Over 20% of enterprise users have a GenAI-enabled browser extension
installed. These tools can bypass corporate GenAI access controls, and
they tend to be riskier than average: 58% of GenAI extensions have "High"
or "Critical" permissions, such as access to cookies, identity or
scripting, which is twice the rate of all other extensions and makes them
a particularly large risk.
- Extension Publisher Reputation Is a Black Hole:
How far an organization can trust an extension often depends on the
reputation of its publisher. 54% of extension publishers use a free
webmail account, and 79% have published only a single extension.
Additionally, 22% of extensions are less than six months old. With
little-to-no information to go by, establishing the trustworthiness of an
extension is virtually impossible.
- Unmaintained Browser Extensions Are a Growing Concern:
51% of all extensions haven't received updates in over a year. Of those,
25% are published by developers identified only by a free webmail account,
raising the possibility that these are "hobbyist" extensions that have
been abandoned.
"Browser extensions have quietly become one of the most overlooked threat surfaces in
enterprise environments," said Or Eshed, CEO and co-founder of LayerX Security.
"Our latest report shows that extensions are not only everywhere in the
enterprise, they're also highly privileged, largely unvetted and often tied to
anonymous publishers, posing a risk that security leaders can no longer
afford to ignore."
While the official Chrome, Edge and Firefox stores are the most common sources of
extensions, the browser extension threat surface goes much wider. According to
LayerX's telemetry from its user base, 17% of extensions installed on enterprise
endpoints come from non-official stores, and 26% were sideloaded, meaning they were
installed directly into the browser by another process or application rather than
through a store, so no store review or takedown ever applies to them.
How to Protect Your Organization
The report's findings highlight the need for organizations to take a proactive approach
to managing the browser extensions their employees use. Only by auditing all extensions
across every endpoint can IT teams gain visibility into this threat surface. With a
complete inventory, organizations can categorize extensions by function and risk,
enumerate their permissions, and assess factors such as publisher trustworthiness,
install source and update frequency. That insight enables adaptive, risk-based
enforcement policies that block or restrict high-risk extensions, reducing exposure
while retaining the productivity benefits.
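The inventory step above is something an IT team can start on with nothing more than the extension directories already on its endpoints. The following script is an added example, not LayerX's tooling: it walks a Chromium-family (Chrome or Edge) profile, reads each extension's manifest.json, enumerates API and host permissions, and sorts the result riskiest-first. The "critical"/"high"/"medium"/"low" tiers are this script's own assumption (LayerX does not publish its scoring); the official-store update URLs are the real ones Chrome and Edge use; the three sample manifests and their IDs are constructed so the script runs without a profile directory.

```python
"""Inventory Chromium-family extensions from manifest.json and rank them by
permission scope and install source.  Added example, not LayerX's code; the
permission tiers are this script's own assumption."""
import json
from pathlib import Path
from typing import Iterable

# Store-installed extensions carry one of these update_url values.  Unpacked or
# sideloaded extensions normally have none; non-official stores use their own.
OFFICIAL_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",          # Chrome Web Store
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",  # Edge Add-ons
}

# Assumed tiering (not LayerX's): APIs that reach session cookies, identity,
# script injection or native code are critical; APIs that read browsing
# activity are high; broad host access reads every page the user visits.
CRITICAL_APIS = {"cookies", "identity", "scripting", "debugger", "proxy", "nativeMessaging"}
HIGH_APIS = {"tabs", "history", "webRequest", "webNavigation", "downloads",
             "clipboardRead", "management"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
TIER_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def api_permissions(manifest: dict) -> set[str]:
    """Declared API permissions, optional ones included (the grantable ceiling)."""
    declared = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    return {p for p in declared if "://" not in p and p != "<all_urls>"}


def host_patterns(manifest: dict) -> set[str]:
    """Host match patterns from MV3 host_permissions, MV2 URL patterns mixed
    into permissions, and content_scripts matches."""
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    hosts = {p for p in declared if "://" in p or p == "<all_urls>"}
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def risk_tier(manifest: dict) -> str:
    apis, hosts = api_permissions(manifest), host_patterns(manifest)
    if apis & CRITICAL_APIS or hosts & BROAD_HOSTS:
        return "critical"
    if apis & HIGH_APIS:
        return "high"
    if apis or hosts:
        return "medium"   # e.g. storage plus one specific site
    return "low"


def install_source(manifest: dict) -> str:
    url = manifest.get("update_url")
    if url is None:
        return "sideloaded"        # no store will ever update or pull it
    if url in OFFICIAL_UPDATE_URLS:
        return "official-store"
    return "third-party-store"


def load_manifests(profile_dir: Path) -> Iterable[tuple[str, dict]]:
    """Yield (extension_id, manifest) from <profile>/Extensions/<id>/<version>/manifest.json."""
    for path in sorted((profile_dir / "Extensions").glob("*/*/manifest.json")):
        try:
            yield path.parent.parent.name, json.loads(path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # half-installed or corrupt directory: skip, don't abort the audit


def build_inventory(manifests: Iterable[tuple[str, dict]]) -> list[dict]:
    """One row per extension, riskiest and sideloaded first."""
    rows = [{
        "id": ext_id,
        "name": m.get("name", "?"),      # "__MSG_x__" names need _locales lookup; left raw
        "version": m.get("version", "?"),
        "tier": risk_tier(m),
        "source": install_source(m),
        "apis": sorted(api_permissions(m)),
        "hosts": sorted(host_patterns(m)),
    } for ext_id, m in manifests]
    rows.sort(key=lambda r: (TIER_ORDER[r["tier"]], r["source"] != "sideloaded", r["id"]))
    return rows


# Constructed sample manifests standing in for a real profile directory.
SAMPLE_MANIFESTS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {   # sideloaded GenAI helper: cookies + every page
        "manifest_version": 3, "name": "AI Writing Helper", "version": "0.9.1",
        "permissions": ["cookies", "storage"], "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {   # store-installed MV2 tab manager
        "manifest_version": 2, "name": "Tab Tidy", "version": "3.2.0",
        "permissions": ["tabs", "storage"],
        "update_url": "https://clients2.google.com/service/update2/crx",
    },
    "cccccccccccccccccccccccccccccccc": {   # site-specific helper from Edge Add-ons
        "manifest_version": 3, "name": "Intranet Theme", "version": "1.0.0",
        "permissions": ["storage"], "host_permissions": ["https://intranet.example/*"],
        "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
    },
}

if __name__ == "__main__":
    for row in build_inventory(SAMPLE_MANIFESTS.items()):
        print(f'{row["tier"]:8} {row["source"]:17} {row["name"]:18} {row["id"]}')
```

On a real endpoint, replace `SAMPLE_MANIFESTS.items()` with `load_manifests(Path.home() / ".config/google-chrome/Default")` (or the Windows/macOS equivalent) and run it from your endpoint management tool; the `id` column is exactly what a Chrome or Edge `ExtensionInstallBlocklist` policy takes, and the `source` column separates the sideloaded population that no store review ever covered. Firefox stores add-ons differently (a zipped `extensions/*.xpi` per profile) and is out of scope for this script.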
While browser extensions offer many productivity benefits, they also expand an
organization's threat surface and its risk of exposure. Recent attack campaigns that
pushed malicious code through browser extensions should be a wakeup call for
organizations to define how they protect against malicious and compromised
browser extensions.