Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Browser Extension. Show all posts
Password
Browser Extension Browser Vulnerability Cybersecurity Datathreats Digital Data Management LayerX Digital World Extensions Manage Passwords Password

Report Reveals Serious Security Issues in Common Browser Extensions

 


Modern digital workflows have become increasingly dependent on browser extensions, supporting a variety of tasks ranging from grammar correction, password management, and advanced AI integrations into everyday tasks. Browser extensions have become widely used across both personal and corporate environments, but they remain among the most overlooked vectors of cybersecurity risks in the world. 

Although end users continue to enjoy the convenience offered by these tools, many IT and security professionals are unaware of the significant threats that may be posed by the excessive permissions granted to these extensions, which can, in many cases, expose sensitive organizational data and compromise enterprise systems, and which can be a serious concern for an organization. 

In its Enterprise Browser Extension Security Report for 2025, a leading authority in browser extension security and management, LayerX Security offers comprehensive insight into the security and management of browser extensions. In this report, LayerX's extensive customer database of real-world enterprise telemetry is combined with publicly available data from major online marketplaces for browser extensions for the first time to present an analysis of actionable data from actual enterprise telemetry. 

A unique perspective is provided in this report by merging these two data streams and analyzing them through the lens of cybersecurity, to provide a comprehensive understanding of how browser extensions are used within enterprise environments, the behaviors of the employees who use them, and the risks associated with these extensions, all of which are often overlooked. 

Using this research, we will be able to examine the permissions commonly requested by extensions, identify the high-risk extensions currently in use, and identify critical security blind spots where organizations may be vulnerable to data leaks, unauthorized accesses, or malware infiltration due to critical security blind spots. This report differs from traditional studies, which have focused primarily on public metrics and hypothetical threat models, and instead presents a data-driven assessment of the actual behaviour of enterprises and the usage patterns of extensions. 

Using this report, organisations can gain a better understanding of critical security gaps, identify security blind spots, and demonstrate the danger of overly permissive extensions, which can lead to data leakage, unauthorised access, and third-party vulnerabilities. LayerX, a cloud-based threat management platform that combines internal usage data with external ecosystem data, provides an unprecedented insight into a threat landscape that has long been under the radar of many security and IT professionals. 

There are several ways in which browser extensions can be used to enhance browser functionality, including the ability to block ads, manage passwords, or customise user interfaces, but they can also be used to make users' browser more vulnerable. While many extensions offer legitimate productivity and usability benefits, not every extension is made with the idea of keeping users safe in mind at all times. As a result, there are increasing numbers of extensions that have been created with malicious intent. 

These extensions seek to steal sensitive data, monitor the activities of users, insert unauthorised advertisements, or, in severe cases, even fully control the browser. The Enterprise Browser Extension Security Report 2025 sheds light on the scope of this neglected risk by highlighting that extensions, by their very nature, often require extensive permissions, which can be easily exploited by attackers. Taking this into account, the report calls for an entirely new paradigm in the management of browser extensions across organisations' networks. 

IT and security teams are encouraged to adopt a proactive, policy-driven approach to oversight of extensions across enterprise endpoints. This begins with a thorough audit of each extension deployed across all enterprise systems. Creating an extensive inventory of extensions allows organisations to classify them according to their functions, determine their permission levels, assess the credibility of developers, and monitor update patterns to determine the trustworthiness of all extensions. 

By understanding this type of information, it is possible to develop a risk-based enforcement strategy that will enable high-risk or suspicious extensions to be flagged, restricted or blocked entirely without impacting the user's productivity. A key point highlighted in the report is the fact that adaptive security frameworks are imperative because they can respond dynamically to evolving threats in the browser ecosystem. As a result of the increasing number of attacks targeting browser extensions as delivery mechanisms for malware or data exfiltration, these measures are not just advisable, they are essential. 

Organisations cannot afford to ignore browser extensions as a secondary concern anymore. Because malicious or compromised extensions can bypass traditional perimeter defences in a way that is silent, malicious or compromised extensions are a critical threat vector that requires continuous visibility, contextual risk assessment and strategic controls to be effectively managed. 

In the past, "man-in-the-browser" attacks were primarily based on malware that would manipulate browser memory by identifying certain HTML patterns and injecting script> tags directly into the content of in-memory web pages. Despite the undeniable malicious nature of these methods, they were largely restricted by the browser's native security architecture, which in turn kept them from going too far. 

As a result, the scripts that were injected were restricted in their ability to access cross-site data, to persist beyond the session, or to execute outside the target page. Because they ran in a sandboxed environment, followed the same-origin policy, and were limited to the duration of the page on which they were inserted. Despite these limitations, modern threat actors are increasingly taking advantage of malicious browser extensions to circumvent them. 

Browser extensions are installed components that are independent of individual web pages, as opposed to traditional web-based malware. In a browser session, they will have access to elevated and persistent resources, allowing them to run continuously in the background, even when there are no tabs open at the time. 

The malicious extensions can bypass the same-origin constraints, intercept or modify information from multiple websites with these elevated privileges, access cookies and store them across domains with such elevated privileges, and exert ongoing control over browsing environments without immediate detection. As part of this evolution, a critical change was also made to the JavaScript execution context. 

Unlike traditional injections, where the injection executes in the same context as legitimate web application scripts and security tools, leaving behind detectable artefacts like DOM elements, JavaScript variables, and suspicious network requests, extensions are executed in a separate context, often with more privileges. By separating in-page activity, attackers are less likely to be discovered by conventional security tools that monitor in-page activity, making it easier to conceal their presence and sustain longer dwell times within compromised environments as a result. With their advanced capabilities and stealth, malicious browser extensions mark a significant change in the threat landscape and transform them into powerful weapons for cyber adversaries. 

For modern enterprises that are interested in maintaining robust browser-level security, they must understand and mitigate these risks. In addition to showing the scale and complexity of the threat landscape for browser extensions in 2025, the Enterprise Browser Extension Security Report 2025 also provides an actionable framework for mitigating the risks that may arise as a result. 

In addition to providing diagnostics, LayerX offers a clear, strategic roadmap to help enterprises move from a fragmented and unmonitored extension environment to one governed, structured, and secure. In addition to containing five core recommendations, this guidance can be used to assist security teams in implementing effective, scalable measures to protect their data.

1. Establish a Comprehensive Extension Inventory 

Visibility is a critical part of any meaningful browser extension security strategy, so organizations should establish a comprehensive inventory of all extensions installed across every managed device to establish a comprehensive security strategy. As part of the browser management APIs and endpoint management platforms, IT teams can track the installations and sideloaded components that are both officially installed. 

To effectively enforce policy and collect key metadata, such as extension IDs and versions, installation sources, publisher credentials, permissions requested, and installation timestamps, this comprehensive dataset must be created. It serves as the basis for all subsequent analysis and enforcement actions. 

2. Classify Extensions by Functionality and Risk Category 


As soon as an organisation establishes an inventory of extensions, it should categorise them according to their core functionality. These categories can be categorised according to whether the extensions enhance productivity, integrate AI, improve developer productivity, or encompass media. These categories should also be aligned with predefined risk categories. 

Extensions with GenAI or data scraping capabilities, for example, may require elevated access to the application and should be examined more closely; however, extensions whose capabilities are restricted to interface customisation might pose a much lower threat. By categorising the functional components of an application, security teams can prioritise oversight efforts and direct resources accordingly. 

3. Deep Dive into Permission Scopes and Access Levels


For security teams to understand the potential impact of each extension, it is vital to analyse the permission sets requested by each extension. Those teams should pay close attention to permissions categorised as high-sensitivity, such as the permissions to read and change all the data on each website users visit, to access browsing history and to manage downloads. Also, less well-known but equally risky scopes are "nativeMessaging" and "cookies." The use of a permissions-to-impact matrix is a great way for organisations to map technical access to risky scenarios in real-world scenarios, such as session hijacking, data exfiltration, or tampering with web requests. 

4. Conduct a Holistic Risk Assessment for Each Extension 


As part of a well-rounded risk assessment, contextual factors should be considered as well as technical factors, including the legitimacy of the publisher, the age of the extension, the frequency of updates, the user adoption patterns, and the rating of the extension store. 

Using these elements, one can create a weighted risk score for each extension, highlighting high-risk entries that are highly complex with powerful permissions but questionable provenances or widespread deployments. Using automated tools and dynamic dashboards, it may be possible to identify and prioritise emerging threats in real time, allowing for a swift response. 

5. Enforce Adaptive, Risk-Based Policies Across the Organisation 


It is recommended that organisations, instead of relying on rigid allowlists or denylists, develop flexible, risk-aware policies that are tailored to meet the specific needs of different user groups, business units, or levels of data sensitivity. A low-risk productivity extension could be automatically approved, while a high-risk or unverified extension may require manual approval or be restricted to an isolated developer environment. 

Several automated enforcement actions are available to ensure compliance as new extensions are installed, existing extensions are updated, and access is revoked, such as real-time alerts, forced uninstallations, or access revocations. Therefore, as browser extensions continue to become more and more prevalent across enterprise environments, there is a growing recognition that the risks they pose cannot be ignored as secondary. 

The report by LayerX is both a call to action and a blueprint for organizations to begin moving from passive tolerance to active governance, and is a call to action. By adopting a data-driven, structured approach to browser extension security, enterprises can reduce the risk they run from vulnerabilities while simultaneously maintaining the productivity gains that extensions were originally designed to deliver.
Read more »
Pop-ups
AI Tool Brave Browser Browser Extension Cookie Blocker Cookie Pop-Ups Cookies Cyber Security Data protection GDPR GDPR protection Pop-ups

Brave Browser’s New ‘Cookiecrumbler’ Tool Aims to Eliminate Annoying Cookie Consent Pop-Ups

 

While the General Data Protection Regulation (GDPR) was introduced with noble intentions—to protect user privacy and control over personal data—its practical side effects have caused widespread frustration. For many internet users, GDPR has become synonymous with endless cookie consent pop-ups and hours of compliance training. Now, Brave Browser is stepping up with a new solution: Cookiecrumbler, a tool designed to eliminate the disruptive cookie notices without compromising web functionality. 

Cookiecrumbler is not Brave’s first attempt at combating these irritating banners. The browser has long offered pop-up blocking capabilities. However, the challenge hasn’t been the blocking itself—it’s doing so while preserving website functionality. Many websites break or behave unexpectedly when these notices are blocked improperly. Brave’s new approach promises to fix that by taking cookie blocking to a new level of sophistication.  

According to a recent announcement, Cookiecrumbler combines large language models (LLMs) with human oversight to automate and refine the detection of cookie banners across the web. This hybrid model allows the tool to scale effectively while maintaining precision. By running on Brave’s backend servers, Cookiecrumbler crawls websites, identifies cookie notices, and generates custom rules tailored to each site’s layout and language. One standout feature is its multilingual capability. Cookie notices often vary not just in structure but in language and legal formatting based on the user’s location. 

Cookiecrumbler accounts for this by using geo-targeted vantage points, enabling it to view websites as a local user would, making detection far more effective. The developers highlight several reasons for using LLMs in this context: cookie banners typically follow predictable language patterns, the work is repetitive, and it’s relatively low-risk. The cost of each crawl is minimal, allowing the team to test different models before settling on smaller, efficient ones that provide excellent results with fine-tuning. Importantly, human reviewers remain part of the process. While AI handles the bulk detection, humans ensure that the blocking rules don’t accidentally interfere with important site functions. 

These reviewers refine and validate Cookiecrumbler’s suggestions before they’re deployed. Even better, Brave is releasing Cookiecrumbler as an open-source tool, inviting integration by other browsers and developers. This opens the door for tools like Vivaldi or Firefox to adopt similar capabilities. 

Looking ahead, Brave plans to integrate Cookiecrumbler directly into its browser, but only after completing thorough privacy reviews to ensure it aligns with the browser’s core principle of user-centric privacy. Cookiecrumbler marks a significant step forward in balancing user experience and privacy compliance—offering a smarter, less intrusive web.
Read more »
Malwares
browser credential theft Browser Extension Cyber Attacks Login Credentials Malicious Browser Extension Malware attacks Malwares

New Malware Impersonates Browser Extensions to Steal Login Credentials

 

Cybercriminals are continually evolving their tactics to evade antivirus detection and trick users into installing malicious software. One of the latest threats involves malware that impersonates legitimate browser extensions, allowing attackers to steal login credentials while remaining undetected. Although this discovery is concerning, researchers have identified the vulnerability before it could be widely exploited, giving security teams time to respond. 

According to a report by SquareX Labs, this attack starts with scammers developing seemingly useful browser extensions, such as an AI-powered transcription tool. To avoid malware detection, they distribute the extension outside official platforms like the Chrome Web Store or Google Play. Users are then encouraged to pin the extension for easy access, allowing it to quietly monitor their browsing habits over time. 

Once installed, the malicious extension collects data on the user’s existing extensions, particularly those used for handling sensitive information, such as password managers. When the right opportunity arises, it disables the legitimate extension and replaces its icon with an identical version. If the user attempts to access their password manager, they unknowingly interact with the fake extension instead. 

To further deceive users, the fraudulent extension displays a message stating that their session has expired, requiring them to log in again. However, rather than accessing their accounts, victims unknowingly submit their credentials directly to cybercriminals. With this information, attackers can break into password vaults, gaining access to sensitive data, stored passwords, and linked accounts. This method is particularly dangerous because it exploits trust in well-known extensions. 

Unlike traditional phishing attempts, which rely on fake websites or deceptive emails, this attack leverages the user’s own browser environment, making it harder to detect. Victims may not realize they’ve been compromised until they notice unauthorized activity on their accounts. Despite the sophistication of this attack, there is no immediate reason for panic. Security researchers identified the exploit before cybercriminals could widely deploy it, and browser developers have been alerted to the risk. 

However, this incident underscores the importance of practicing good cybersecurity habits. Users should only install browser extensions from trusted sources like the Chrome Web Store, avoid third-party downloads, and check reviews before installation. 

Additionally, enabling multi-factor authentication (MFA) on important accounts can provide an extra layer of security, reducing the risk of credential theft. As cyber threats continue to evolve, staying informed and cautious about software installations remains crucial to maintaining online security.
Read more »
Google Chrome security
Browser Extension Browser Vulnerability Chrome Web Store Cyber Security data security Google Google Chrome Google Chrome security

Google Chrome Users at Risk: Study Reveals Dangerous Extensions Affecting 280 Million

 

A recent study has unveiled a critical security threat impacting approximately 280 million Google Chrome users who have installed dangerous browser extensions. These extensions, often masquerading as useful tools, can lead to severe security risks such as data theft, phishing, and malware infections. 

The research highlights that many of these malicious extensions request excessive permissions, granting them access to sensitive user data, the ability to monitor online activities, and even control over browser settings. This exposure creates significant vulnerabilities, enabling cybercriminals to exploit personal information, which could result in financial losses and privacy invasions. In response, Google has been actively removing harmful extensions from the Chrome Web Store. 

However, the persistence and evolving nature of these threats underscore the importance of user vigilance. Users are urged to carefully evaluate the permissions requested by extensions and consider user ratings and comments before installation. Cybersecurity experts recommend several proactive measures to mitigate these risks. Regularly reviewing and removing suspicious or unnecessary extensions is a crucial step. Ensuring that the browser and its extensions are updated to the latest versions is also vital, as updates often include essential security patches. Employing reputable security tools can further enhance protection by detecting and preventing malicious activities associated with browser extensions. 

These tools provide real-time alerts and comprehensive security features that safeguard user data and browsing activities. This situation underscores the broader need for increased cybersecurity awareness. As cybercriminals continue to develop sophisticated methods to exploit browser vulnerabilities, both users and developers must remain alert. Developers are encouraged to prioritize security in the creation and maintenance of extensions, while users should stay informed about potential threats and adhere to best practices for safe browsing. 

The study serves as a stark reminder that while browser extensions can significantly enhance user experience and functionality, they can also introduce severe risks if not managed correctly. By adopting proactive security measures and staying informed about potential dangers, users can better protect their personal information and maintain a secure online presence. 

Ultimately, fostering a culture of cybersecurity awareness and responsibility is essential in today’s digital age. Users must recognize the potential threats posed by seemingly harmless extensions and take steps to safeguard their data against these ever-present risks. By doing so, they can ensure a safer and more secure browsing experience.
Read more »
Vulnerabilities and Exploits
Anti Cheating Browser Extension Hackers Hacking Vulnerabilities and Exploits

A flaw in Anti Cheating Browser Extension led Hackers to Hack University Computers

 

A web security vulnerability in an anti-cheating browser extension developed a way to sneak into the machines of college students as well as other users before they could be fixed. 

Security researchers at Sector 7, the research section of Dutch security firm Computest, identified a cross-site scripting (XSS) bug in the Proctorio Google Chrome browser plugin. Proctorio is a type of proctoring software, which has come into its own during the pandemic to prevent cheating throughout online assessments. 

The technology has been widely employed in the Netherlands, much to the ire of local student organizations that have unsuccessfully challenged its use as a privacy danger. Concerns were raised because the program may read and update data on websites visited by users, as well as take screenshots and monitor webcam footage. 

“This [vulnerability] could be used by a malicious page to access data on any site where the user is currently logged in, for example, read all your email,” Sector7 told The Daily Swig. 

“And it could be used to access features like the webcam if the user has granted any website permission to use it.” 

According to a professional write-up of the flaw by Sector7, the problem came through errors in the Proctorio extension's implementation of an 'open calculator' functionality. Since the calculator is attached to the DOM of the page activating Proctorio, JavaScript on the page can immediately enter an expression for the calculator and afterward activate the evaluation, according to the researchers. 

This enables the website to run code within the content script. The page can then send messages to the background website from the scope of the content script, which is regarded as messages from the content script. Researchers discovered that they could trigger uXSS using a mixture of messages. 

Sector7 told The Daily Swig: “[The] root cause [of the vulnerability] was evaluating untrusted JavaScript originating from a webpage in the extension, leading to universal cross-site scripting.” 

Nevertheless, Proctorio has finally corrected the critical security flaw. As Chrome browser extensions are updated automatically, users do not have to actively upgrade their software to be secured. 

Sector7 reported the problem to Proctorio in June, and a week later received confirmation that it had been rectified. Sector7 verified the fix in August, well before it revealed its technical findings last week. Sector7/Computest investigated the Proctorio program at the demand of local media outlet RTL Nieuws, which afterward compiled a report on the findings.
Read more »
Subscribe to: Posts (Atom)