All news with #browser extensions tag

Validating Chrome Extensions: Organizational Security

🔒 This article by Stan Kaminsky reviews Athanasios Giatsos’ Security Analyst Summit 2025 talk and explains why malicious browser extensions are a major blind spot for organizations. It outlines how extensions can access cookies, local storage, proxy settings, clipboard and screen capture, enabling session and account theft, espionage, ad fraud and crypto theft, and why Manifest V3 reduces but does not eliminate risk. Practical controls described include formal extension policies and allowlists, disabling developer mode, version pinning and testing of updates, EDR and SIEM-based monitoring, and the use of specialized vetting tools for deeper analysis.

Browser Security Report 2025: Emerging Enterprise Risks

🛡️ The Browser Security Report 2025 warns that enterprise risk is consolidating in the user's browser, where identity, SaaS, and GenAI exposures converge. The research shows widespread unmanaged GenAI usage and paste-based exfiltration, extensions acting as an embedded supply chain, and a high volume of logins occurring outside SSO. Legacy controls like DLP, EDR, and SSE are described as operating one layer too low. The report recommends adopting session-native, browser-level controls to restore visibility and enforce policy without disrupting users.

Top Browser Sandbox Threats That Evade Modern Defenses

🔒 Modern browsers include sandboxing, but attackers exploit expected behaviors to bypass protections. A new on-demand webinar from Keep Aware outlines the top three browser-layer threats—credential theft, malicious extensions, and lateral movement—and explains why tools like CASBs, SWGs, and EDRs often miss these attacks. It shows how real-time browser visibility, policy enforcement, and behavioral detection extend protection into everyday user activity. The session is aimed at CISOs and security leaders seeking practical steps to close this blind spot.