Everyone knows that the browser extension is built into almost the daily workflow of each user: from the spelling to the Genai tools. Most of them and security do not know that excessive browser permits are an increasing risk to organizations.
Layerx today announced the release of the enterprise Report on Browser Expanders 2025This report is the first and only report to combine public expansion statistics through the real world’s telemetry. By doing this, it sheds light on one of the most underestimated threat surfaces in modern cybersecurity: expansion of the browser.
The report shows several conclusions that IT and security executives will submit interesting because they are building their plans for H2 2025. This includes information and analysis of how many risky permits are given when expansion developers must trust and much more. Below we bring key statistics from the report.
Highlights from the Enterprise Browser Extension Report 2025
1. Extension of the browser ubiquitous in enterprises. 99%, almost all employees set the browser extension. 52% are installed more than 10 extensions.
Security analysis: Almost all employees are at risk of expanding the browser.
2. Most extensions can access critical data. 53% of business extensions can access sensitive data such as cookies, passwords, web pages, viewing information and more.
Security Analysis: A compromise at the level of employees may jeopardize the whole organization.
3. Who publishes these extensions? Who knows? More than half (54%) publishers are unknown and found only through Gmail. 79% of publishers published only one extension.
Security Analysis: Tracking extensions is difficult if possible with IT resources.
4. Expanding Genai – This is an increasing threat. More than 20% of users have at least one Genai extension, and 58% have high -risk resolution.
Security Analysis: Enterprises must determine the clear use of Genai expansion and exchange.
5. The necessary and unknown browser extensions are increasingly concerned. 51% of the extensions have not been updated for more than a year, and 26% of the enterprise extensions are loaded, bypassing even the main shop check.
Security Analysis: Expanders can be vulnerable, even if they are not purposefully harmful.
5 Safety Recommendations and IT
The report not only provides data, but also provides valid security recommendations and IT chamonds, recommending to fight the threat of browser expansion.
That’s what Layerx advises organizations:
- Audit of all extensions – A complete picture of the extensions is the basis for understanding the surface of the threat. Thus, the first step in providing the height of the malicious browser is an audit of all extensions used by employees.
- Classify extensions – Some types of extensions that make them attractive for the attack. This may be due to their extensive user base (such as Genai extensions) or with -the permits provided by such an extension. Categorizing extensions can help evaluate the browser security posture.
- List permission permits – The next step is to list information about expanding information that can access. This helps further display the attack surface and set up a policy later.
- Evaluate the risk of expanding – Now the time has come at risk. This means risk assessment for each extension based on their permits and information they can access. In addition, the risk assessment of the risk includes external parameters such as reputation, popularity, publisher and installation method. Together, these parameters must be combined into a single risk assessment.
- Apply Adaptive, Based on Risk Execution – Finally, organizations can use their analysis to apply an adaptive, risk -based implementation policy, taking into account their use, needs and risk profile.
Access to the report
The browser extension is not just a performance tool, but also a vector of attack that most organizations do not know. The Layerx 2025 report provides comprehensive conclusions and analysis due to the data to help CISOS and security groups strengthen in this risk and create protection in the browser.
