The Risks of Browser Extensions in Enterprise Environments
Introduction
A recent study conducted by Spin.AI has shed light on the significant cybersecurity risks associated with browser extensions within enterprise environments. The study focused on Chromium-based browser extensions, which are used across multiple browsers such as Google Chrome and Microsoft Edge. The findings of the study indicate that a concerning number of these extensions have access to high levels of content and pose serious threats to the data stored in browsers as well as in SaaS platforms like Google Workspace and Microsoft 365.
The Study’s Findings
The research revealed that 51% of the installed browser extensions assessed in the study were considered high risk, with the potential to cause extensive damage to organizations. These high-risk extensions were capable of capturing sensitive data from enterprise apps, running malicious JavaScript, and surreptitiously sending protected data, including banking details and login credentials, to external parties. Productivity-related extensions accounted for 53% of the extensions evaluated, but the highest security risks were found in browser extensions used within cloud software development environments, with 56% of them identified as high security risks.
Real-Life Example: The ChatGPT Trojan Horse Attack
One of the most concerning examples highlighted in the study was an incident where a threat actor uploaded a browser extension that masqueraded as the legitimate ChatGPT add-on but was, in fact, a Trojan horse that hijacked Facebook accounts. Thousands of users fell victim to this attack and had their Facebook account credentials stolen, including several thousand business accounts. While Google acted swiftly to remove the malicious extension from its official Chrome Web Store, similar extensions continue to be uploaded to the store. In August alone, Spin.AI identified over 200 ChatGPT extensions on the Chrome Web Store, compared to just 11 in May.
Inadequate Controls and Security Pitfalls
The study also revealed that organizations, particularly those with over 2,000 employees, have an alarmingly high number of installed extensions. On average, organizations in this category had 1,454 extensions installed, many of which presented high security risks. What is particularly concerning is that organizations freely use browser extensions developed by anonymous authors, with 42,938 extensions falling into this category. These statistics raise concerns about the lack of scrutiny and security checks of such extensions. Furthermore, some organizations even build their own extensions for internal use, introducing additional risk as these extensions may not undergo the same level of scrutiny as those available on official platforms.
Risk Infiltration and Unexpected Behaviors
The study highlighted that browsers themselves can be compromised from inception or through malicious code inserted via automatic updates. Attackers infiltrating an organization’s supply chain may insert this malicious code into a legitimate update. Additionally, developers selling their extensions to third parties can potentially update them with malicious capabilities. Another important consideration is how a browser extension may abuse its permissions to behave in unexpected ways, such as using identity permissions to send information to third parties without user consent.
Protecting Against Browser Extension Risks
Policies and Risk Management Frameworks
Organizations need to establish and enforce policies based on third-party risk management frameworks to mitigate the risks associated with browser extensions. These frameworks should include assessments of extensions and applications for operational, security, privacy, and compliance risks. Automated controls should be implemented to allow or block extensions based on organizational policies, providing an additional layer of defense.
Evaluation and Maintenance
To enhance security, organizations should evaluate browser extensions before installing them by considering factors such as the scope of permissions requested, the developer’s reputation, and the disclosure of security or compliance audits. Regular updates and maintenance are crucial to ensure that extensions remain secure and free from vulnerabilities. Organizations should also consider user reviews and ratings, as well as any history of data breaches or security incidents associated with specific extensions.
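As an added illustration (not code from the Spin.AI study), the sketch below shows how the automated allow/block control and the permission-scope evaluation described above could be applied to an extension's manifest.json. The policy sets, the allowlisted flag, the decision labels and both sample manifests are assumptions constructed for this example.

```python
import json

# Assumed policy values for illustration; tune to your own risk framework.
BLOCKED = {"debugger", "nativeMessaging", "proxy"}
SENSITIVE = {"cookies", "identity", "webRequest", "history", "clipboardRead", "scripting", "tabs"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def requested_scope(manifest):
    """Split an MV2 or MV3 manifest's requests into API permissions and host patterns."""
    api, hosts = set(), set()
    for key in ("permissions", "optional_permissions"):
        for item in manifest.get(key, []):
            if not isinstance(item, str):
                continue  # ignore non-string entries rather than crash on them
            # MV2 mixes host patterns into "permissions"; MV3 moves them out.
            if "://" in item or item == "<all_urls>":
                hosts.add(item)
            else:
                api.add(item)
    for key in ("host_permissions", "optional_host_permissions"):
        hosts.update(manifest.get(key, []))
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return api, hosts

def evaluate(manifest_text, allowlisted=False):
    """Return (decision, reasons); decision is 'allow', 'review' or 'block'."""
    api, hosts = requested_scope(json.loads(manifest_text))
    blocked, sensitive, broad = api & BLOCKED, api & SENSITIVE, hosts & BROAD_HOSTS
    reasons = [f"blocked permission: {p}" for p in sorted(blocked)]
    reasons += [f"sensitive permission: {p}" for p in sorted(sensitive)]
    reasons += [f"broad host access: {h}" for h in sorted(broad)]
    if blocked:
        return "block", reasons  # never permitted, even if allowlisted
    if sensitive and broad:
        return ("review" if allowlisted else "block"), reasons
    if sensitive or broad:
        return ("allow" if allowlisted else "review"), reasons
    return "allow", reasons

# Constructed sample manifests (not real extensions).
MV3_SAMPLE = json.dumps({"manifest_version": 3, "name": "AI helper",
    "permissions": ["storage", "cookies", "identity"], "host_permissions": ["<all_urls>"]})
MV2_SAMPLE = json.dumps({"manifest_version": 2, "name": "Doc notes",
    "permissions": ["storage", "https://docs.example.com/*"]})

if __name__ == "__main__":
    for sample in (MV3_SAMPLE, MV2_SAMPLE):
        print(evaluate(sample))
```

The same check can be re-run on every extension update, since the requested scope can change between versions.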
Conclusion
The risks associated with browser extensions in enterprise environments are significant and cannot be overlooked. The recent study by Spin.AI highlights the need for organizations to adopt comprehensive security measures to combat these risks effectively. By assessing and evaluating extensions, enforcing policies, and remaining vigilant, organizations can mitigate the threats posed by these extensions and protect sensitive data from being compromised. Internet security should be a top priority for organizations, and a comprehensive approach is necessary to ensure the safety and privacy of their valuable information.