Key Findings from the Report
1. Extensions are Ubiquitous but Dangerous: 99% of enterprise users have browser extensions installed, with 52% running more than ten extensions, significantly broadening the threat surface.
Security analysis: Nearly every employee could potentially compromise organizational security.
2. Extensive Permissions to Sensitive Data: 53% of extensions installed in enterprise environments have 'high' or 'critical' risk permissions, allowing access to sensitive data like cookies, passwords, browsing history, and webpage contents.
Security analysis: One compromised extension can put the entire organization at risk.
3. GenAI Extensions: The Hidden Threat Over 20% of enterprise employees use GenAI extensions, with 58% of these holding 'high' or 'critical' permissions, creating significant risk.
Security analysis: Enterprises must implement strict policies on GenAI extension usage and data handling.
4. Untrusted Extension Publishers: 54% of extensions are published anonymously via Gmail accounts, with 79% from publishers who have released only one extension, making trust assessment extremely challenging.
Security analysis: Trust verification for extensions is highly difficult, increasing the likelihood of malicious activity.
5. Abandoned and Outdated Extensions: 51% of extensions haven't received updates in over a year, while 26% of enterprise extensions are sideloaded, bypassing security vetting.
Security analysis: Outdated or unmanaged extensions significantly raise security risks due to potential vulnerabilitie
