Browser extensions have become deeply embedded in employees’ daily workflows, aiding tasks from grammar checking to discount hunting. Yet, their extensive permissions create significant security risks, largely unnoticed by IT and security teams.
A new 2025 Enterprise Browser Extension Security Report uniquely combines data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector.
LayerX is hosting a webinar to discuss key findings from the Enterprise Browser Extension Security Report 2025. Gain actionable insights to mitigate browser extension risks.
Key Findings from the Report
1. Extensions are Ubiquitous but Dangerous: 99% of enterprise users have browser extensions installed, with 52% running more than ten extensions, significantly broadening the threat surface.
Security analysis: Nearly every employee could potentially compromise organizational security.
2. Extensive Permissions to Sensitive Data: 53% of extensions installed in enterprise environments have ‘high’ or ‘critical’ risk permissions, allowing access to sensitive data like cookies, passwords, browsing history, and webpage contents.
Security analysis: One compromised extension can put the entire organization at risk.
3. GenAI Extensions, the Hidden Threat: Over 20% of enterprise employees use GenAI extensions, with 58% of these holding ‘high’ or ‘critical’ permissions, creating significant risk.
Security analysis: Enterprises must implement strict policies on GenAI extension usage and data handling.
4. Untrusted Extension Publishers: 54% of extensions are published anonymously via Gmail accounts, with 79% from publishers who have released only one extension, making trust assessment extremely challenging.
Security analysis: Trust verification for extensions is highly difficult, increasing the likelihood of malicious activity.
5. Abandoned and Outdated Extensions: 51% of extensions haven’t received updates in over a year, while 26% of enterprise extensions are sideloaded, bypassing security vetting.
Security analysis: Outdated or unmanaged extensions significantly raise security risks due to potential vulnerabilities.
Recommendations for Security and IT Teams:
- Audit all browser extensions across the enterprise environment.
- Categorize extensions to understand their risk profiles.
- Enumerate and analyze extension permissions meticulously.
- Perform comprehensive risk assessments of each extension.
- Enforce adaptive, risk-based security policies to manage extension threats effectively.
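The permission enumeration recommended above, as an added example that is not from the report or LayerX: it reads each extension's parsed manifest.json and flags permissions that reach the data types named in finding 2. The permission-to-data mapping and the three tiers are this example's assumptions, not the report's scoring, and the sample manifests are constructed.

```python
import json

# Assumed mapping from manifest permissions to the data types the report names;
# the tiers below are this example's own, not LayerX's scoring.
SENSITIVE_APIS = {
    "cookies": "session cookies",
    "history": "browsing history",
    "tabs": "URLs and titles of open tabs",
    "webRequest": "network traffic of visited sites",
    "scripting": "script injection into pages",
    "debugger": "full control of page sessions",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def classify_manifest(manifest):
    """Return (tier, reasons) for one parsed manifest.json (MV2 or MV3)."""
    declared = list(manifest.get("permissions", []))
    declared += manifest.get("host_permissions", [])  # MV3 host patterns
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    # Some manifests carry non-string permission entries; ignore those here.
    declared = [p for p in declared if isinstance(p, str)]
    apis = sorted(set(declared) & SENSITIVE_APIS.keys())
    broad = any(p in BROAD_HOSTS for p in declared)
    reasons = [f"{p}: {SENSITIVE_APIS[p]}" for p in apis]
    if broad:
        reasons.append("broad host access: page contents on every site")
    if broad and apis:
        tier = "critical"
    elif broad or apis:
        tier = "high"
    else:
        tier = "low"
    return tier, reasons

def audit(manifests):
    """Map extension name -> tier, for a list of parsed manifests."""
    return {m.get("name", "<unnamed>"): classify_manifest(m)[0] for m in manifests}

# Constructed sample manifests (not real extensions).
SAMPLES = [json.loads(s) for s in (
    '{"name": "Grammar Helper", "manifest_version": 3, "permissions": ["storage", "cookies"], "host_permissions": ["<all_urls>"]}',
    '{"name": "Coupon Finder", "manifest_version": 2, "permissions": ["tabs", "https://shop.example/*"]}',
    '{"name": "Dark Theme", "manifest_version": 3, "permissions": ["storage"]}',
)]

if __name__ == "__main__":
    for name, tier in audit(SAMPLES).items():
        print(f"{tier:8} {name}")
```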
Download the full report to understand the complete security implications and strategies for managing browser extensions securely.
Sponsored and written by LayerX.