- LayerX says that companies use dozens of extensions daily
- Many are built by anonymous individuals
- Some have extensive permissions, putting sensitive data in danger
Browser extensions increase the attack surface, putting employees and companies in danger. This is according to the Enterprise Browser Extension Security Report 2025, a new paper published by LayerX, a cybersecurity company specializing in securing web browsing for companies.
The document was written by combining data from public extension marketplaces with real-world enterprise usage telemetry, said LayerX.
The improvements extensions bring to daily browsing are undeniable, said LayerX, describing them as “omnipresent”. Almost all companies (99%) have at least one installed, and more than half of the organizations analyzed (52%) run more than ten extensions.
Extensions add risk
Extensions are software that adds features or functionality to web browsers. They can do anything from blocking advertisements to managing passwords to boosting productivity. They can be built by both companies and independent (and anonymous!) developers, and can be found in browser-specific stores such as the Chrome Web Store or the Firefox Add-ons site.
However, the researchers also claim that they are dangerous because 53% of the extensions installed in corporate environments have “high” or “critical” risk permissions, allowing access to sensitive data. In addition, more than 20% of enterprise employees now use GenAI extensions, more than half of which (58%) also have “high” or “critical” permissions.
The problems are further aggravated by the fact that the identity of the extension's developer is, in many cases, unknown. More than half (54%) of extensions are published anonymously, and 79% of publishers have published only one extension, which makes evaluating trust “extremely difficult”. Finally, 51% of extensions have not received an update for more than a year, while 26% are sideloaded, bypassing security checks.
To mitigate the threat, companies should audit all browser extensions, classify them to understand their risk profiles, and enumerate and “meticulously” analyze their permissions, suggested LayerX. They should also carry out comprehensive risk assessments and apply adaptive, risk-based security policies.
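As an added illustration of the audit-and-classify step (this is not code from LayerX or the report), the sketch below tiers extensions by the permissions declared in their `manifest.json` and flags the stale and sideloaded cases the article mentions. The tier sets, the sample inventory and the use of a missing Chrome Web Store `update_url` as a sideload heuristic are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumed tiers for illustration; the report's own scoring is not on this page.
CRITICAL = {"debugger", "nativeMessaging", "proxy"}
HIGH = {"cookies", "webRequest", "history", "scripting", "tabs", "clipboardRead"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

def requested(manifest):
    """All API and host permissions, covering MV2 and MV3 manifest layouts."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        perms.update(script.get("matches", []))
    return perms

def risk_tier(manifest):
    perms = requested(manifest)
    broad = bool(perms & BROAD_HOSTS)
    if perms & CRITICAL or (broad and perms & HIGH):
        return "critical"
    if broad or perms & HIGH:
        return "high"
    return "low"

def audit(inventory, now):
    """inventory: iterable of (manifest dict, last-update datetime) pairs."""
    order = {"critical": 0, "high": 1, "low": 2}
    rows = [{"name": manifest.get("name", "?"), "tier": risk_tier(manifest),
             "stale": now - updated > timedelta(days=365),
             # Heuristic (assumption): no store update URL means not store-installed.
             "sideloaded": manifest.get("update_url") != STORE_UPDATE_URL}
            for manifest, updated in inventory]
    return sorted(rows, key=lambda r: (order[r["tier"]], r["name"]))

# Constructed sample inventory (not real extensions).
UTC = timezone.utc
NOW = datetime(2025, 6, 1, tzinfo=UTC)
SAMPLE = [
    ({"name": "Tab Notes", "permissions": ["storage"],
      "update_url": STORE_UPDATE_URL}, datetime(2025, 3, 1, tzinfo=UTC)),
    ({"name": "AI Helper", "permissions": ["scripting", "cookies"],
      "host_permissions": ["<all_urls>"], "update_url": STORE_UPDATE_URL},
     datetime(2023, 11, 5, tzinfo=UTC)),
    ({"name": "Internal Tool", "permissions": ["tabs", "https://intranet.example/*"]},
     datetime(2025, 5, 20, tzinfo=UTC)),
]

if __name__ == "__main__":
    print(*audit(SAMPLE, NOW), sep="\n")
```

An extension force-installed from a private enterprise update server would also be flagged as sideloaded by this heuristic, so treat that column as a prompt for review rather than a verdict.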
Via BleepingComputer