Latest news with #LayerX


Forbes
13-06-2025
- Forbes
Google Chrome Warning Issued For Most Windows PC Users
Beware this hidden Chrome threat. This is another interesting month for Google's 3 billion Chrome users, with a U.S. government mandate to update all browsers by June 26 and another update warning this week as further vulnerabilities are discovered. But there's a very different Chrome threat to your PC, and it's much more difficult to find and fix. Already this month we have been warned by LayerX that 'a network of malicious sleeper agent extensions' are 'waiting for their "marching order" to execute malicious code on unsuspecting users' computers.' A huge number of Chrome users have at least one extension installed, which is one of the browser's biggest security risks. Now Symantec warns that some of the most popular extensions it has analyzed, 'expose information such as browsing domains, machine IDs, OS details, usage analytics, and more.' The research team says 'many users assume that popular Chrome extensions adhere to strong security practices,' but that's just not the case. Symantec found that even some big-brand extensions 'unintentionally transmit sensitive data over simple HTTP. By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information.' More alarmingly, 'because the traffic is unencrypted, a Man-in-the-Middle (MITM) attacker on the same network can intercept and, in some cases, even modify this data, leading to far more dangerous scenarios than simple eavesdropping.' Bugcrowd's Trey Ford told me 'this is a very common way to compromise browsers for various outcomes, ranging from stealing credentials and spying on users, to simply establishing ways to very uniquely identify and track users across the internet. Ultimately this can manifest as a form of malware, and unavoidably create new attack surface for miscreants to attack and compromise a very secure browsing experience.' There's no easy answer to this one.
Symantec says that while 'none of [the extensions] appear to leak direct passwords,' the data can still fuel attacks. 'The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks.' Symantec notified the developers behind the tested extensions (details in its report.) 'The overarching lesson,' the team says, 'is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share.' According to Keeper Security's Patrick Tiquet, 'this highlights a critical gap in extension security,' if and when 'developers cut corners.' He warns that 'transmitting data over unencrypted HTTP and hard-coding secrets exposes users to profiling, phishing and adversary-in-the-middle attacks – especially on unsecured networks.' The risk is especially acute for enterprises. 'Organizations should take immediate action by enforcing strict controls around browser extension usage, managing secrets securely and monitoring for suspicious behavior across endpoints. Just because a browser extension is very popular and has a large user base doesn't mean it's secure. Businesses must scrutinize all browser extensions to protect sensitive data and identities.'


Forbes
04-06-2025
- General
- Forbes
Delete All Google Chrome Extensions That Are On This List
Delete this threat immediately. Chrome warnings are again in the news this week, with Google confirming active attacks and issuing an emergency update for 3 billion users. The company also confirmed it had mitigated this threat by silently pushing out a config change to all users last week. Now a new warning from the team at LayerX has outed a silent threat of a very different kind. A 'network of malicious sleeper agent extensions' that seem 'to have all been developed by the same person or group, waiting for their "marching order" to execute malicious code on unsuspecting users' computers.' LayerX joined the dots and flagged these specific extensions based on common code patterns, the same remote code execution to frustrate detection, and leveraging known malicious domains to carry out attacks. 'Capabilities that do not appear to have any legitimate use in relation to the supposed function of the extensions.' Thus far, four extensions have made this new naughty list — all of which 'seem to be focused on in-browser sound management' and all of which 'try to demonstrate legitimate functionality.' Critically, LayerX also warns that it is 'currently investigating several additional extensions that appear to be linked to this campaign.' This is the initial list of extensions to delete: As with other extension warnings seen in recent months, all those flagged by LayerX 'are still currently available on the Chrome Store.' I have reached out to Google for its view on these extensions and whether they will remain available on its store. It seems at least some of the extensions should have been removed already — clearly a requirement for tighter restrictions before extensions are made available to users. 'The extension 'Examine source code of Volume Max — Ultimate Sound Booster', with over one million downloads, has already been flagged by several [security] vendors. However, it was not removed from the Chrome Web Store.'
While you should delete these extensions, they have been dubbed 'sleepers' because no malicious activity is yet underway. This is the threat potential given commonalities despite seemingly different developers, and those links to malicious domains. 'This type of 'sleeper' extension network,' LayerX warns, 'can serve as a substitute for traditional botnets. While building up botnets (usually on exposed IoT devices) can be slow, technically complex, and cumbersome, developing a network of malicious browser extensions is much simpler, and can provide direct access to key user identity information such as cookies, passwords, browsing data, and browsing content.' As users have been warned multiple times recently, extensions are a huge vulnerability when it comes to Chrome. A vast number of its users install at least one extension, both at home and at work, yet 'anyone can upload an extension, and it's virtually impossible to trace back the people behind these extensions.'


Techday NZ
29-05-2025
- Business
- Techday NZ
ExtensionPedia launches with risk scores for 200K browser add-ons
LayerX Security has launched ExtensionPedia, an online resource designed to provide security evaluations for over 200,000 browser extensions. The new platform provides individuals and enterprises with detailed risk assessments for browser extensions available for Chrome, Edge, and Firefox, enabling users to review security scores before installation. ExtensionPedia also includes a knowledge centre featuring guidance on mitigating threats from malicious browser extensions. Malicious browser extensions have been cited as a significant but overlooked identity security risk affecting both home and workplace users. Recent incidents, including multiple breaches over the past six months, have reportedly exposed nearly ten million users worldwide to risks such as identity theft and data leakage via compromised extensions. These risks have prompted warnings from law enforcement agencies such as the FBI. One of the challenges users face is the complexity of extension trustworthiness, as extensions can be developed, modified, or compromised by malicious actors and redistributed widely. Access to complete, impartial risk information on individual extensions has not typically been available to the general public or organisations. Extension stores typically apply only baseline verification processes to detect obvious malicious indicators in extensions. Deeper investigations into suspicious behaviour or complex risks usually fall outside their standard review procedures. Or Eshed, Co-Founder and Chief Executive Officer of LayerX, explained the rationale behind the launch of ExtensionPedia: "While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users' identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover and data theft." 
He added, "When someone installs a browser extension – either for personal or work – users and their organisations have no idea what permissions each extension has, how reputable the extension author is and the risk profile of the extension. Our Browser Extension Risk Database and Knowledge Centre for the first time helps get the information individuals and enterprises to protect themselves." ExtensionPedia's risk evaluations are based on anonymised data collected from millions of sessions using the LayerX platform, which operates as a user-centric extension for protecting identities directly within browsers. Key features of ExtensionPedia include access to data on over 200,000 extensions across major browsers, integration with the LayerX management console, and availability for public use online. Each extension is given a detailed score based on parameters such as permission scope and reputation risk. Users can also view a single, unified risk score incorporating all available risk factors. Additional information available through ExtensionPedia includes extension details, publisher data, and a range of articles and guides covering topics related to browser extension security and best practices for preventing malicious activity. Individuals and organisations using ExtensionPedia can search for extensions by name or unique ID, review extensions by category—including GenAI, VPN tools, and password managers—and compare risk scores. The platform offers both high-level risk assessments and more granular, detailed breakdowns, including permission access and publisher reputation. ExtensionPedia also features resources to help users educate themselves on the risks and protection strategies related to browser extensions.


Forbes
28-04-2025
- Business
- Forbes
Rethinking Enterprise Security For The Browser-Centric Workplace
The growing role of the browser in enterprise workflows is reshaping cybersecurity priorities. The browser has quietly ascended to become the enterprise's most critical—and most vulnerable—point of exposure thanks to hybrid work, SaaS-driven operations, and everyday AI adoption. While security teams have long focused on networks, endpoints, and identities, the digital workplace has migrated to the browser itself, creating an expansive blind spot that traditional defenses were never designed to see, let alone secure. As organizations embrace flexibility and cloud-native workflows, the browser now governs access to sensitive data, manages interactions with GenAI tools, and mediates connections to countless sanctioned and unsanctioned SaaS applications. The stakes have never been higher, and yet browser-layer security remains an often-overlooked frontier. Sensitive data now routinely traverses browser sessions. Unauthorized apps—so-called "shadow SaaS"—are adopted by employees without security oversight. Identity credentials flow through browser tabs where malicious extensions, session hijacking, or phishing attacks can exploit them. According to Forrester Research, over 80% of employees now perform all or most of their work within a browser, reinforcing the idea that the browser is no longer peripheral—it's foundational. Or Eshed, co-founder and CEO of LayerX, explains, 'The browser is the nerve center of the modern workplace. However, traditional security solutions—such as endpoint protection, DLP, and SASE/SSE—do not provide adequate protection for the browser and the data that goes through it.' Despite this evolution, many enterprises still rely heavily on network-centric defenses like Secure Service Edge, which often lack visibility into encrypted browser sessions or the nuances of in-browser activity. This gap leaves organizations exposed to a new generation of threats. Securing browser activity presents a delicate balancing act.
Organizations cannot simply lock down browser functionality without risking significant disruption to productivity and user experience. Replacing standard browsers with secure enterprise versions is one approach, but it often encounters fierce resistance from users unwilling to abandon familiar workflows. Meanwhile, network- and endpoint-based controls struggle to observe or govern the real-time user behavior inside browser sessions. Part of the challenge lies in the browser's unique position at the intersection of network security, endpoint security, identity management, and data protection. Traditional tools address parts of the problem but often fail to provide a cohesive, real-time defense at the browser layer itself. Eshed notes that the risk is not just from external attacks but also from user behavior. 'If you're under attack by an external attack vector, then where users spend most of their day is where that attack is most likely to happen. And if your primary concern is from user error, the browser is where that user error is most likely to occur.' Recognizing the browser's rising strategic importance, cybersecurity innovators are exploring multiple paths to mitigate the risk. Secure enterprise browsers aim to reimagine the browsing experience from the ground up, embedding governance and security controls into purpose-built platforms. However, these solutions often face adoption hurdles due to their disruption of familiar user workflows. A parallel movement focuses on integrating security natively into existing browsers through lightweight, enterprise-grade extensions. These approaches aim to deliver real-time visibility, control sensitive data flows, prevent malicious activities, and govern GenAI tool usage—all while maintaining a frictionless user experience. The growing interest in browser-native security reflects a broader trend: protecting the browser is a necessity for organizations operating in a perimeter-less, SaaS-first world. 
The strategic importance of browser security is increasingly visible in market dynamics. LayerX Security just announced an $11 million extension to its Series A funding round, led by Jump Capital, with continued participation from initial backers Glilot Capital Partners and Dell Technologies Capital, bringing its total raise to $45 million. While LayerX is one example, the funding reflects a wider acknowledgment from investors that browser security is emerging as a distinct and necessary pillar within enterprise security architectures. Enterprise adoption patterns reinforce this momentum. Organizations across industries are seeking solutions that provide real-time monitoring, control over data use in SaaS apps and GenAI tools, and protection against browser-based threats—without forcing users to abandon their preferred browsers or workflows. For CISOs and security architects, addressing browser-layer risk requires a fundamental rethink. Evaluating solutions means focusing on critical attributes: Security leaders must also be mindful not to replicate past mistakes—overcomplicating architectures or degrading the user experience in the name of protection. The most effective browser security solutions will be those that empower security teams while preserving the fluid, familiar workflows users expect. The browser is no longer just a portal to the web—it is the new perimeter of the enterprise. As SaaS and GenAI adoption accelerates, organizations must extend their security strategies to fully encompass the browser environment where today's work actually happens. Browser security is evolving from an overlooked necessity into a foundational pillar of enterprise security, alongside endpoint, network, and identity protections. Those who recognize and act on this shift early will be better equipped to navigate an increasingly complex and dynamic threat landscape—safeguarding users, data, and operations in the process.


Forbes
15-04-2025
- Forbes
Chrome, Edge, Firefox Warning—99% Of Browsers Now At Risk
Sometimes the most dangerous risks are those we think least about, lurking behind the scenes in the apps and platforms we use daily. While the malware attacking our phones generates headlines, that's rarely the case with the permission abuse that affects most users, almost all of the time. And while secretive tracking and malware attacks on our browsers prompt update warnings and settings changes, that's still not true with a threat that's just as pervasive and is now a major threat to users worldwide. We're talking extensions, which have finally come into view in the last year as popular add-ons are hijacked to threaten those using them. And while Google is fighting back, it's clear that this attack surface remains wide open to exploit. That's certainly the new warning from the security research team at LayerX, which is in the business of securing enterprises from extension exposure. The team warns that 'most users don't realize that browser extensions are routinely granted extensive access permissions that can lead to severe data exposure should those permissions fall into the wrong hands.' And when those extensions are trivial, just as with mobile apps, that's an easy trojan horse into an enterprise. 'Users often use such extensions to fix their spelling, find discount coupons, or other productivity uses… This is particularly a risk to organizations since many organizations do not control what browser extensions users install on their endpoints.' This follows a similar warning from CrowdStrike a few weeks ago. 'While it's common for users to install browser extensions to tailor their online experience to better meet their needs and preferences, these tools also carry significant security risks. Browser extensions are yet another avenue that can be exploited by cyber attackers or act as a vehicle for malware.'
Which means that 'to reduce the attack surface and limit potential vulnerabilities, users should install only essential browser extensions.' There are frequent warnings that connecting your own phone to your employer's networks and systems exposes the company to your own security weakness. The same is true of extensions. 'A compromised browser extension of an individual user can lead to exposure and breach of the organization as a whole.' Most people reading this will give little if any thought to extensions. But given the stark numbers in the research, you probably should. '99% of enterprise users have a browser extension installed in their browsers, and more than half (52%) of employees have more than 10 extensions installed.' And while official Chrome, Edge and Firefox stores are the 'most common source,' the threat 'is much wider than most users realize.' The numbers are frightening. Not to state the obvious, but this means that almost every organization is exposed, relying on corporate IT defenses to ensure endpoint integrity across all those users. Unless their desktops are completely locked down, which doesn't happen often. LayerX reports that '53% of enterprise users have installed a browser extension with 'high' or 'critical' risk scope, meaning that such extensions have access to sensitive data such as cookies, passwords, web page contents, browsing information, and more, putting users at risk of credential theft or data exposure.' And again, just as with mobile apps the red flags are all in plain sight. More than half of extension publishers hide behind little more than a free Gmail account, more than three-quarters have a single extension under their name, and most don't even have a privacy policy to review. While other browsers are vulnerable to extension abuse, this is really all about Chrome which dominates the install base. 'Securing Chrome browsers should be an organizational security team's #1 priority,' LayerX says.
This is such a fragmented market that it's little surprise to read these findings. The vast majority (95%) of Chrome extensions 'have fewer than 10,000 installs' and only 0.2% have 'more than one million users.' There is not the same level of awareness and user savvy we see on mobile phones and apps, which are still highly vulnerable. As Bleeping Computer warned earlier this year, the recent exposure of cybercriminals hijacking extensions 'sheds a spotlight on the identity risks posed by browser extensions, and the lack of awareness that many organizations have about this risk.' The one key recommendation is that enterprises need a better sense of their risk. And that means auditing or shutting down their extensions in use. And home users should limit extensions to those they need and can categorically trust. 'Many organizations don't have a full picture of all extensions that are installed in their environment,' LayerX says. 'Many organizations allow their users to use whichever browsers (or browsers) they wish to use and install whatever extensions they want. However, without a full picture of all extensions on all browsers of all users, it is impossible to understand your organization's threat surface.'