Layerx Security Enterprise Browser Extension Security Report 2025 Finds Widespread Usage Makes Nearly Every Employee An Attack Vector

99% of enterprise users have at least one browser extension installed;
53% have installed extensions with high or critical permissions

NEW YORK, April 15, 2025 (GLOBE NEWSWIRE) -- LayerX Security, a leader in browser extension security and management, today released its Enterprise Browser Extension Security Report 2025, the only research that combines statistics from real-life usage data from enterprise users, collected from LayerX's customer base, with public data available from public extension stores, and analyzed for the first time to reveal how organizations and employees interact with extensions, the associated risks and security blind spots.

Despite being present on virtually every employee’s browser, extensions are rarely monitored by security teams or controlled by IT. Drawing from tens of thousands of real enterprise users, the report breaks down how risky extensions gain access to sensitive data, where they come from and why most organizations have no effective way of managing them.

Key findings:

1. Browser Extensions Are Everywhere:
   99% of enterprise users have at least one browser extension installed. More than half (53%) have over 10 extensions installed in their browsers. This widespread usage means almost every employee represents a potential attack vector.
2. Most Extensions Have Access to Sensitive Data:
   53% of enterprise users have installed extensions with “high” or “critical” permission scopes. These extensions can access cookies, passwords, browsing data and more, meaning that enterprise users are at a higher risk of exposure
3. GenAI Browser Extensions are a Hidden Risk:
   Over 20% of enterprise users have a GenAI-enabled browser extension installed. These tools can bypass corporate GenAI access controls and gain privileged access to sensitive data at twice the rate of other extensions.GenAI extensions tend to be riskier than average: 58% of GenAI extensions have ‘High’ or ‘Critical’ permissions, such as cookies, identities or scripting at twice the average rate of all other extensions, making it a particularly large risk.
4. Extension Publisher Reputation is a Black Hole:
   How well an organization can trust an extension often depends on the reputation of the extension publisher. 54% of extension publishers use a free webmail account, and 79% have only published a single extension. Additionally, 22% of extensions are less than six months old. With little-to-no information to go by to establish credibility, establishing the trustworthiness of extensions is virtually impossible.
5. Unmaintained Browser Extensions are a Growing Concern:
   51% of all extensions haven’t received updates in over a year. Of those, 25% are published by developers identified only by a free webmail account, raising the possibility that these are ‘hobbyist’ extensions that have been abandoned.

“Browser extensions have quietly become one of the most overlooked threat surfaces in enterprise environments,” said Or Eshed, CEO and co-founder of LayerX Security. “Our latest report shows that extensions are not only everywhere in the enterprise, they’re also highly privileged, largely unvetted and often tied to anonymous publishers probing a risk to security leaders that they no longer afford to ignore.”

While Chrome, Edge and Firefox are the most common stores for extensions, the browser extension threat surface goes much wider. According to LayerX’s telemetry data from its user base, 17% of extensions installed on enterprise endpoints are from non-official stores, and 26% were side loaded, meaning they were deployed installed directly into the browser by another process or application.

How Protect Your Organization

The report’s findings highlight a need for organizations to adopt a proactive approach to managing the browser extensions used by employees. Only by auditing all extensions across every endpoint, IT teams can gain vital visibility into this threat surface. With a complete inventory, organizations can categorize extensions by function and risk, enumerate their permissions, and assess factors such as publisher trustworthiness and update frequency. This insight enables the implementation of adaptive, risk-based enforcement policies to block or restrict high-risk extensions, effectively reducing vulnerabilities while retaining productivity benefits.

While browser extensions offer many productivity benefits, they also expand organizations’ threat surface and their risk of exposure. Recent attack campaigns targeting browser extensions with malicious code should be a wakeup call for organizations to define how they protect against malicious and compromised browser extensions.

Download LayerX Security’s Enterprise Browser Extension Security Report 2025, or learn more about enterprise browser extension security.

About LayerX Security
LayerX Security offers an all-in-one, agentless security platform that protects enterprises against the most critical risks and threats of the modern web, including GenAI data leakage, SaaS risks, identity threats, web vulnerabilities, DLP and more. LayerX is deployed as an enterprise browser extension that integrates with any browser and provides organizations with full last-mile visibility and enforcement without disrupting the user experience. For browser extension security, LayerX is the one extension that can rule them all, providing comprehensive discovery, risk classification, and enforcement of all extensions in the organization. Enterprises use LayerX to secure their hybrid workforce in a SaaS-first world. For more information, visit the LayerX website at https://www.layerxsecurity.com.

Media Contact
Montner Tech PR
Hannah Sather
hsather@montner.com