Everyone knows that browser extensions, from spell checkers to GenAI tools, are part of almost every user’s daily routine. What most IT and security professionals don’t know is that browser extensions’ excessive permissions are putting organizations at risk.
The Enterprise Browser Extension Security Report 2025, the first and only report to combine public extension marketplace statistics with real-world enterprise usage telemetry, was released by LayerX today. In doing so, it sheds light on one of the most underappreciated threats in contemporary cybersecurity: browser extensions.
The report reveals a number of findings that IT and security leaders may find interesting as they prepare their H2 2025 plans. These include analysis and data on the types of permissions that are granted, how many extensions have risky permissions, and more. Key data from the report are provided below.
Highlights from the 2025 Enterprise Browser Extension Security Report
1. Browser extensions are commonplace in the enterprise. Nearly all users have browser extensions installed: 99% have at least one, and 52% of them have more than 10 extensions installed.
Security analysis: Almost all employees are exposed to browser extension risk.
2. Most extensions can access sensitive information. The extensions of 53% of enterprise users can access sensitive data such as cookies, passwords, web page contents, browsing information, and more.
Security analysis: A compromise at the employee level can put the entire organization at risk.
3. Who publishes these extensions? Who knows? More than half (54%) of extension publishers are unknown and identified only by a Gmail address. 79% of publishers have published just one extension.
Security analysis: Vetting these publishers with IT resources is challenging, if it is possible at all.
4. GenAI extensions are a growing threat. At least 20% of users have at least one GenAI extension, and 58% of those have high-risk permission scopes.
Security analysis: Businesses should have clear guidelines for how GenAI extensions are used and how data is shared with them.
5. Unmaintained and unknown browser extensions are a growing problem. 51% of extensions haven’t been updated in more than a year, and 26% of enterprise extensions are sideloaded, bypassing even basic store vetting.
Security analysis: Extensions can be vulnerable even when they are not intentionally malicious.
5 Recommendations for Security and IT Teams
The report provides not just data but also actionable advice for security and IT teams, recommending ways to address the browser extension threat.
Here’s what LayerX advises organizations:
- Audit all extensions: A complete picture of the extensions in use is the key to understanding the threat surface. Auditing all extensions used by employees is therefore the first step in protecting against malicious browser extensions.
- Categorize extensions: Specific types of extensions are more attractive to attackers. This may be due to their large user base (such as GenAI extensions) or to the permissions granted to them. Categorizing extensions helps in assessing the browser extension security posture.
- Enumerate extension permissions: The next step is to record the information that extensions can access. This helps to further map the attack surface and to configure policies later on.
- Assess extension risk: Now it’s time for risk management. This means determining the risk of each extension based on its permissions and the data it can access. A comprehensive risk assessment also includes external factors such as reputation, popularity, publisher, and installation method. These factors can be combined into a unified risk report.
- Apply adaptive, risk-based enforcement: Finally, organizations can use their analysis to develop adaptive, risk-based enforcement policies tailored to their needs and risks.
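As an added illustration that is not taken from the LayerX report, the sketch below walks the enumerate, assess and report steps over a small constructed inventory. The manifest keys and permission names are Chrome's own; the inventory fields (`install_source`, `last_updated`, `publisher_verified`), the weights and the thresholds are assumptions to adapt to your own policy.

```python
import json
from datetime import date

# Assumed weights (not from the report); the permission names are real Chrome ones.
SENSITIVE = {"cookies": 3, "webRequest": 3, "scripting": 3,
             "history": 2, "clipboardRead": 2, "tabs": 1}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def enumerate_permissions(manifest):
    """Return (api_permissions, host_patterns) declared by an MV2 or MV3 manifest."""
    declared = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    # MV2 mixes host patterns into "permissions"; move them to the host set.
    hosts |= {p for p in declared if "://" in p or p == "<all_urls>"}
    return declared - hosts, hosts

def assess(ext, today):
    """Combine permission risk with external factors into one report row."""
    apis, hosts = enumerate_permissions(json.loads(ext["manifest"]))
    age_days = (today - date.fromisoformat(ext["last_updated"])).days
    findings = [(SENSITIVE[p], f"permission:{p}") for p in sorted(apis) if p in SENSITIVE]
    findings += [(weight, why) for hit, weight, why in [
        (hosts & BROAD_HOSTS, 3, "access to all sites"),
        (ext["install_source"] != "store", 2, "sideloaded"),
        (age_days > 365, 2, "not updated in over a year"),
        (not ext["publisher_verified"], 1, "unverified publisher")] if hit]
    score = sum(weight for weight, _ in findings)
    level = "high" if score >= 7 else "medium" if score >= 3 else "low"
    return {"name": ext["name"], "score": score, "level": level,
            "reasons": [why for _, why in findings]}

# Constructed inventory rows, not real extensions.
INVENTORY = [
    {"name": "ai-helper", "install_source": "sideload", "last_updated": "2023-11-02",
     "publisher_verified": False,
     "manifest": '{"manifest_version": 3, "permissions": ["cookies", "scripting",'
                 ' "storage"], "host_permissions": ["<all_urls>"]}'},
    {"name": "spell-check", "install_source": "store", "last_updated": "2025-03-10",
     "publisher_verified": True,
     "manifest": '{"manifest_version": 3, "permissions": ["storage"],'
                 ' "host_permissions": ["https://docs.example.com/*"]}'},
]

def build_report(today=date(2025, 6, 1)):
    """Unified risk report, highest score first."""
    return sorted((assess(e, today) for e in INVENTORY), key=lambda r: -r["score"])

if __name__ == "__main__":
    for row in build_report():
        print(row)
```

The `reasons` column is what makes enforcement adaptive: a policy can block on "sideloaded" plus "access to all sites" while only flagging a stale but narrowly scoped extension for review.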
Access the Report
Browser extensions are not just a productivity tool; they are an attack vector that most businesses are unaware of. In addition to comprehensive findings and data-driven analysis, the 2025 report from LayerX provides detailed guidance to help CISOs and security teams contain this risk and build secure browser environments.