A recent report has revealed alarming findings regarding browser extensions, highlighting their potential to access sensitive enterprise data. With nearly all employees using extensions, organizations face significant cybersecurity risks that could jeopardize their data integrity and compliance.

Key Takeaways

• Ubiquity of Extensions: 99% of employees have browser extensions installed, with 52% using more than 10.

• Sensitive Data Access: 53% of extensions can access critical data, including cookies and passwords.

• Unknown Publishers: Over half of extension publishers are anonymous, complicating trust assessments.

• GenAI Extensions: 20% of users have GenAI extensions, with 58% of these having high-risk permissions.

• Unmaintained Extensions: 51% of extensions haven't been updated in over a year, increasing vulnerability.

The Growing Risk of Browser Extensions

Browser extensions have become integral to daily workflows, enhancing productivity but also introducing significant security risks. The Enterprise Browser Extension Security Report 2025 by LayerX reveals that a staggering 99% of employees utilize browser extensions, with many unaware of the potential dangers.

The report indicates that 53% of these extensions can access sensitive data, raising concerns about data breaches and compliance violations. This risk is compounded by the fact that over half of the extension publishers are unknown, making it difficult for organizations to assess the trustworthiness of the tools their employees are using.

High-Risk Permissions and GenAI Threats

The findings also highlight the growing prevalence of GenAI extensions, which are increasingly popular among users. However, these extensions often come with high-risk permissions that could expose sensitive data. With 20% of users having at least one GenAI extension, organizations are urged to establish clear policies regarding their use and data sharing practices.

Unmaintained Extensions: A Vulnerability Concern

Another critical issue identified in the report is the number of unmaintained extensions. A significant 51% of extensions have not been updated in over a year, leaving them vulnerable to exploitation. Additionally, 26% of enterprise extensions are sideloaded, bypassing standard vetting processes, which further increases the risk of malware and data theft.

Recommendations for Organizations

To mitigate these risks, organizations should consider the following recommendations:

1. Audit All Extensions: Conduct a comprehensive audit of all extensions in use to understand the threat landscape.

2. Categorize Extensions: Identify and categorize extensions based on their risk levels and permissions.

3. Enumerate Permissions: List the permissions each extension requires to assess potential vulnerabilities.

4. Risk Assessment: Evaluate the risk associated with each extension, considering factors like publisher reputation and installation method.

5. Adaptive Enforcement: Implement adaptive, risk-based enforcement policies tailored to the organization’s needs.

As browser extensions continue to play a crucial role in enhancing productivity, organizations must remain vigilant about the associated security risks. By understanding the potential threats and implementing robust security measures, enterprises can better protect their sensitive data from unauthorized access and cyber threats. The findings from the Enterprise Browser Extension Security Report 2025 serve as a wake-up call for IT and security leaders to reassess their browser extension policies and practices.

As cybercriminals continue to adapt their strategies, awareness and education remain crucial in combating these threats. Cybersecurity is critical. BetterWorld Technology offers cutting-edge solutions to combat evolving threats while driving innovation. Protect your business with confidence—contact us today for a consultation!

Sources

• Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds, The Hacker News.

• More Than Half of Browser Extensions Pose Security Risks, Dark Reading.

• Study: Millions of Google Chrome Web Store Users at Risk of Running Extensions Infected with Malware, Tech Times.

• The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield, The Hacker News.

• Google Chrome Web Store still has security work to do • The Register, The Register.