This report highlights the significant security risks associated with widespread browser extensions in enterprise environments, emphasizing their permissions and trust issues. It provides insights from the 2025 Enterprise Browser Extension Security Report and offers actionable recommendations for security teams.
Affected: enterprise organizations, IT security systems
Affected: enterprise organizations, IT security systems
Keypoints
- Nearly all enterprise employees (99%) use browser extensions, with over half running more than ten, increasing the threat surface.
- More than half (53%) of installed extensions have high or critical permissions, risking access to sensitive data like passwords and browsing history.
- Over 20% of employees use GenAI extensions, with 58% holding high-risk permissions, creating substantial security concerns.
- 54% of extensions are published anonymously, and most publishers have only released one extension, complicating trust verification.
- 53% of extensions are outdated or abandoned, with many sideloaded, leading to potential vulnerabilities.
- Outdated and unmanaged extensions significantly elevate security risks by exposing organizations to malicious activities.
- IT and security teams are advised to audit, categorize, and enforce risk-based policies on browser extensions to mitigate threats.