
A new report by LayerX, Enterprise Browser Extension Security Report 2025, has exposed a widespread and overlooked security blind spot in enterprises: browser extensions.
The research draws on real-world telemetry from enterprise environments, combined with public data from major extension stores. It reveals that browser extensions, often viewed as harmless productivity tools, are a major vector for data exposure and potential breaches.
Key Findings
LayerX found that 99% of enterprise users have at least one browser extension installed, and 52% have more than ten extensions. While most originate from official extension stores, 17% come from non-official sources, and 26% are sideloaded, bypassing store security checks.
Significantly, 53% of enterprise users have installed extensions with ‘high’ or ‘critical’ permissions. These permissions enable access to sensitive data such as cookies, passwords, and user identities. By comparison, only 4.8% of all extensions request cookie access, but 11% of those used in enterprises have this access, more than double the general rate.
GenAI extensions, in particular, present a growing threat. 20% of enterprise users have at least one GenAI browser extension, and 45% of those have more than one. 58% of GenAI extensions have high-risk permissions, compared to 53% overall. These extensions often access cookies, read tabs, and inject scripts, capabilities that can easily be misused.
The trustworthiness of extension publishers is also a serious concern. 54% of extensions are published using free Gmail accounts, and 79% of developers have only released a single extension. Additionally, 58% of all extensions lack a privacy policy, making it difficult to evaluate their data handling practices.
Moreover, many extensions appear abandoned. 51% have not been updated in over a year, and 25% meet the criteria for being potentially abandoned and unmonitored, especially when linked to anonymous developers.
CISO Recommendations from LayerX
To address the mounting risks, LayerX advises Chief Information Security Officers (CISOs) to implement a five-step strategy:
- Audit all browser extensions across all browsers and devices to fully understand the organization’s threat surface.
- Categorize extensions to identify risk-prone types such as GenAI and VPN tools.
- Enumerate extension permissions to determine what sensitive data is accessible.
- Assess each extension’s risk, evaluating both technical capabilities and external trust indicators like developer history and update frequency.
- Apply adaptive, risk-based enforcement to block or restrict extensions with unacceptable risk levels.
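As an added example (not code from the LayerX report), the enumerate-and-assess steps above applied to Chromium-based browsers: parse each extension's manifest.json, collect the effective permission set (declared, optional, host and content-script patterns), and map it to a risk tier. The tier assignment, the scan_chrome_profile helper and the sample manifests are this example's assumptions.

```python
import json
from pathlib import Path

# Permission tiers. The report flags cookie access, tab access and script injection as
# high-risk capabilities; the exact tier assignment below is this example's assumption.
CRITICAL_PERMS = {"cookies", "webRequest", "webRequestBlocking", "debugger", "nativeMessaging"}
HIGH_PERMS = {"tabs", "scripting", "history", "clipboardRead", "management", "webNavigation"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def effective_permissions(manifest: dict) -> set[str]:
    """Union of declared, optional and host permissions plus content-script match
    patterns, so MV2 and MV3 manifest layouts are treated alike."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    perms |= set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        perms |= set(script.get("matches", []))
    return perms


def risk_level(perms: set[str]) -> str:
    """Map a permission set to a low/medium/high/critical tier."""
    if perms & CRITICAL_PERMS or perms & BROAD_HOSTS:
        return "critical"
    if perms & HIGH_PERMS:
        return "high"
    if any(p.startswith(("http", "*://")) for p in perms):
        return "medium"  # narrow host access only
    return "low"


def assess(manifest: dict) -> dict:
    perms = effective_permissions(manifest)
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "permissions": sorted(perms), "risk": risk_level(perms)}


def scan_chrome_profile(profile_dir: Path) -> list[dict]:
    """Audit every extension under a Chrome/Chromium profile directory
    (<profile>/Extensions/<id>/<version>/manifest.json)."""
    return [assess(json.loads(p.read_text(encoding="utf-8")))
            for p in sorted(profile_dir.glob("Extensions/*/*/manifest.json"))]


# Constructed sample manifests for the demo; they do not describe real extensions.
SAMPLE_GENAI = {"name": "AI Page Assistant (sample)", "version": "2.1.0", "manifest_version": 3,
                "permissions": ["cookies", "tabs", "scripting"], "host_permissions": ["<all_urls>"]}
SAMPLE_BENIGN = {"name": "Theme Switcher (sample)", "version": "1.0", "manifest_version": 3,
                 "permissions": ["storage"]}

if __name__ == "__main__":
    for m in (SAMPLE_GENAI, SAMPLE_BENIGN):
        print(assess(m))
```

Point scan_chrome_profile at a real profile directory (for example ~/.config/google-chrome/Default on Linux) to inventory installed extensions; the output feeds the categorize and enforce steps.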
While often neglected, browser extensions have emerged as a major attack surface within the enterprise ecosystem. This report urges organizations to move beyond passive reliance on extension store vetting and adopt proactive browser security strategies. As enterprises increasingly adopt AI tools and web-based workflows, visibility and control over browser extensions will be vital to safeguarding sensitive data.