Cybersecurity

Browser Extensions Pose Critical Security Risk

Leon SCOTT

2 min read
Browser Extensions Pose Critical Security Risk

Banned. Need to look at this again with group policy.

Browser extensions have become deeply embedded in employees' daily workflows, aiding tasks from grammar checking to discount hunting. Yet, their extensive permissions create significant security risks, largely unnoticed by IT and security teams.
A new 2025 Enterprise Browser Extension Security Report, uniquely combining data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector.
LayerX is hosting a webinar to discuss key findings from the Enterprise Browser Extension Security Report 2025. Gain actionable insights to mitigate browser extension risks.
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX’s 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now.
BleepingComputerLayerX

Downloaded the report and shoved in my ever-increasing virtual library. Yike, another email request. I will go point on this one.

LayerX_Enterprise_Browser_Extension_Security_Report_2025
LayerX_Enterprise_Browser_Extension_Security_Report_2025.pdf
2 MB
download-circle

In relation to extensions, some of you may use these to manage your passwords. The following is shared and although not directly related, it can be depending on how you manage your passwords.

Your password manager is under attack: How to defend yourself against a new threat
Heard of polymorphic browser extensions yet? These savage impostors threaten the very future of credential management. Here’s what you need to know - and do.
ZDNETDavid Berlind
"Password managers are high-value targets and face constant attacks across multiple surfaces, including cloud infrastructure, client devices, and browser extensions," said NordPass PR manager Gintautas Degutis. "Attack vectors range from credential stuffing and phishing to malware-based exfiltration and supply chain risks."
Googling the phrase "password manager hacked" yields a distressingly long list of incursions. Fortunately, in most of those cases, passwords and other sensitive information were sufficiently encrypted to limit the damage.

So, think about it.

#enoughsaid