Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Summary: LayerX has released the Enterprise Browser Extension Security Report 2025, highlighting the significant risks associated with browser extensions in enterprise settings. The report combines marketplace statistics with enterprise usage data, revealing critical vulnerabilities and the need for better management of browser extensions. Recommendations for enhancing security include auditing extensions, categorizing them, and applying risk-based enforcement strategies.

Affected: Organizations using browser extensions

Keypoints :

• 99% of employees have browser extensions installed, exposing organizations to significant risk.
• 53% of extensions can access sensitive data, increasing the risk of compromising critical information.
• More than half of extension publishers are unidentified, complicating trust and security verification.
• Over 20% of users have GenAI extensions, with 58% of these having high-risk permissions.
• 51% of extensions remain unmaintained for over a year, raising vulnerability concerns.
• LayerX recommends auditing, categorizing, enumerating permissions, assessing risks, and applying adaptive policies to improve security.