Browser extensions are increasing the attack surface, putting employees and businesses at risk
Date:
Tue, 13 May 2025 16:00:00 +0000
Description:
Organizations are running multiple browser extensions, many of which are a potential security liability.
FULL STORY ======================================================================
- LayerX says enterprises are using tens of extensions daily
- Many are built by anonymous individuals
- Some have extensive permissions, putting sensitive data at risk
Browser extensions are increasing the attack surface, putting employees and businesses at risk. This is according to the 2025 Enterprise Browser Extension Security Report, a new paper published by LayerX, a cybersecurity company specializing in securing web browsing for enterprises.
The document was drafted by combining data from public extension marketplaces and real-world enterprise usage telemetry, LayerX said.
The improvements extensions bring to everyday browsing are undeniable, LayerX said, describing them as ubiquitous. Virtually all enterprises (99%) have at least one installed, and more than half of analyzed organizations (52%) are running more than ten extensions.
Extensions add risk
Extensions are pieces of software that add features or functionality to web browsers. These can be anything from blocking ads and managing passwords to enhancing productivity. They can be built by both companies and independent (and anonymous!) developers, and can be found in browser-specific stores like the Chrome Web Store or Firefox Add-ons site.
However, the researchers also claim they are dangerous, since 53% of installed extensions in enterprise environments have high or critical risk permissions, allowing access to sensitive data. Also, more than 20% of enterprise employees are now using GenAI extensions, more than half (58%) of which also have high or critical permissions.
Trouble is further compounded by the fact that the identity of the extension's developer is, in many cases, unknown. More than half (54%) of extensions are published anonymously, and 79% of publishers have only released one extension, making trust assessment extremely challenging. Finally, 51% of extensions haven't received an update in more than a year, while 26% are sideloaded, bypassing security vetting.
To mitigate the threat, enterprises should audit all browser extensions, categorize them to understand their risk profiles, and enumerate and analyze their permissions meticulously, LayerX suggested. They should also perform comprehensive risk assessments and enforce adaptive, risk-based security policies.
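As an added illustration of the "enumerate and analyze their permissions" step (not code from LayerX or the original article), the following sketch classifies parsed extension `manifest.json` data by the access it requests. The risk tiers, the `assess` and `audit` helpers, and the sample manifests are assumptions made for this example, not LayerX's scoring model.

```python
# Assumed risk tiers for illustration; not LayerX's scoring model.
CRITICAL = {"debugger", "nativeMessaging", "proxy", "webRequestBlocking"}
HIGH = {"cookies", "webRequest", "scripting", "tabs", "history",
        "clipboardRead", "downloads", "management"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def collect_grants(manifest):
    """Return (api_permissions, host_patterns) for MV2 and MV3 manifests."""
    apis, hosts = set(), set()
    for key in ("permissions", "optional_permissions"):
        for p in manifest.get(key, []):
            if not isinstance(p, str):
                continue  # skip non-string entries
            # MV2 mixes host patterns into "permissions"
            (hosts if "://" in p or p == "<all_urls>" else apis).add(p)
    for key in ("host_permissions", "optional_host_permissions"):
        hosts.update(manifest.get(key, []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return apis, hosts

def assess(manifest):
    """Return (risk_level, reasons) for one parsed manifest.json."""
    apis, hosts = collect_grants(manifest)
    broad = bool(hosts & BROAD_HOSTS)
    reasons = sorted(apis & (CRITICAL | HIGH))
    if broad:
        reasons.append("broad host access")
    if apis & CRITICAL or (broad and apis & HIGH):
        return "critical", reasons
    if apis & HIGH or broad:
        return "high", reasons
    return "low", reasons

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "genai-helper": {"manifest_version": 3, "permissions": ["scripting", "storage"],
                     "host_permissions": ["<all_urls>"]},
    "tab-sorter": {"manifest_version": 2,
                   "permissions": ["tabs", "https://example.com/*"]},
    "timer": {"manifest_version": 3, "permissions": ["alarms", "storage"]},
}

def audit(samples=SAMPLES):
    return {name: assess(m) for name, m in samples.items()}

if __name__ == "__main__":
    for name, (level, reasons) in audit().items():
        print(f"{name:14} {level:8} {', '.join(reasons) or '-'}")
```

In a real audit, each manifest would be loaded with `json.load` from the installed extension directories, and optional permissions are counted because an extension can request them at runtime.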
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/browser-extensions-are-increasing-the-attack-surface-putting-employees-and-businesses-at-risk
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)