Chrome, Edge, Firefox Warning—99% Of Browsers Now At Risk
getty
Sometimes the most dangerous risks are those we think least about, lurking behind the scenes in the apps and platforms we use daily. While the malware attacking our phones generates headlines, that's rarely the case with the permission abuse that affects most users, almost all of the time. And while secretive tracking and malware attacks on our browsers prompt update warnings and settings changes, that's still not true with a threat that's just as pervasive and is now a major threat to users worldwide.
We're talking extensions, which have finally come into view in the last year as popular add-ons are hijacked to threaten those using them. And while Google is fighting back, it's clear that this attack surface remains wide open to exploit. That's certainly the new warning from the security research team at LayerX, which is in the business of securing enterprises from extension exposure.
The team warns that 'most users don't realize that browser extensions are routinely granted extensive access permissions that can lead to severe data exposure should those permissions fall into the wrong hands.' And when those extensions are trivial, just as with mobile apps, that's an easy trojan horse into an enterprise. 'Users often use such extensions to fix their spelling, find discount coupons, or other productivity uses… This is particularly a risk to organizations since many organizations do not control what browser extensions users install on their endpoints.'
This follows a similar warning from CrowdStrike a few weeks ago. 'While it's common for users to install browser extensions to tailor their online experience to better meet their needs and preferences, these tools also carry significant security risks. Browser extensions are yet another avenue that can be exploited by cyber attackers or act as a vehicle for malware.' Which means that 'to reduce the attack surface and limit potential vulnerabilities, users should install only essential browser extensions.'
There are frequent warnings that connecting your own phone to your employer's networks and systems exposes the company to your own security weakness. The same is true of extensions. 'A compromised browser extension of an individual user can lead to exposure and breach of the organization as a whole.'
Most people reading this will give little if any thought to extensions. But given the stark numbers in the research, you probably should. '99% of enterprise users have a browser extension installed in their browsers, and more than half (52%) of employees have more than 10 extensions installed.' And while official Chrome, Edge and Firefox stores are the 'most common source,' the threat 'is much wider than most users realize.'
The numbers are frightening.
LayerX
Not to state the obvious, but this means that almost every organization is exposed, relying on corporate IT defenses to ensure endpoint integrity across all those users. Unless their desktops are completely locked down, which doesn't happen often.
LayerX reports that '53% of enterprise users have installed a browser extension with 'high' or 'critical' risk scope, meaning that such extensions have access to sensitive data such as cookies, passwords, web page contents, browsing information, and more, putting users at risk of credential theft or data exposure.'
And again, just as with mobile apps the red flags are all in plain sight. More than half of extension publishers hide behind little more than a free Gmail account, more than three-quarters have a single extension under their name, and most don't even have a privacy policy to review.
While other browsers are vulnerable to extension abuse, this is really all about Chrome which dominates the install base. 'Securing Chrome browsers should be an organizational security team's #1 priority,' LayerX says.
This is such a fragmented market that it's little surprise to read these findings. The vast majority (95%) of Chrome extensions 'have fewer than 10,000 installs' and only 0.2% have 'more than one million users.' There is not the same level of awareness and user savvy we see on mobile phones and apps, which are still highly vulnerable.
As Bleeping Computer warned earlier this year, the recent exposure of cybercriminals hijacking extensions 'sheds a spotlight on the identity risks posed by browser extensions, and the lack of awareness that many organizations have about this risk.'
The one key recommendation is that enterprises need a better sense of their risk. And that means auditing or shutting down their extensions in use. And home users should limit extensions to those they need and can categorically trust.
'Many organizations don't have a full picture of all extensions that are installed in their environment,' LayerX says. 'Many organizations allow their users to use whichever browsers (or browsers) they wish to use and install whatever extensions they want. However, without a full picture of all extensions on all browsers of all users, it is impossible to understand your organization's threat surface.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Android Authority
29 minutes ago
- Android Authority
Google Home is becoming a house of glitches, users say
TL;DR Google Home and Nest users are reporting a significant decline in reliability, with devices frequently misunderstanding commands or failing to respond at all. Core features like controlling lights, routines, and speaker groups seem to be breaking down. While the exact cause of the downgraded experience is unclear, users suspect upcoming Gemini updates are to blame. Google's smart speakers and hubs appear to be steadily declining in performance. A recent Reddit thread has highlighted just how these devices, especially older Nest hubs and speakers, have become more unreliable over the years, and it's not the first time users have voiced these concerns. 'Now, I can barely get it to understand any command, or do anything that I could before. Nothing works, and all I get is – Sorry, something went wrong, try again later,' wrote a frustrated user. Users are reporting problems ranging from misheard commands and delayed responses to devices performing the wrong actions or entirely ignoring instructions. Everyday tasks like turning lights on or off, playing music in specific rooms, or running morning routines simply don't work like they used to. Are your Google Home or Nest speakers and hubs still working as expected? 0 votes Yes, everything works fine. NaN % Mostly, some minor issues, but nothing major. NaN % Not really, frequent glitches or failed commands. NaN % No, they've become nearly unusable. NaN % I've already stopped using them. NaN % What's concerning is that these aren't just a few isolated complaints. It seems to be a pattern affecting users who have invested heavily in Google's smart home hardware. Features that once worked without a hitch, like controlling speakers in multiple rooms or triggering routines based on voice recognition, have become erratic or completely non-functional for many. One user described how they can no longer play white noise in their child's room. Instead, the sound plays in whatever room they happen to be standing in. Another user shared a strange issue where asking for the weather gives different results depending on who is speaking in their home. 'I ask for the weather, and it responds correctly every time. My wife asks for the weather, and it literally picks wherever it wants. Yesterday it was Eddyville, Kentucky. Today it picked Shawnee, Oklahoma. We don't even live in that state,' reported another user. Some users have also reported bizarre malfunctions. One person said that whenever they ask their Google device to turn off a fan, it turns off all the lights instead. Another user described how a simple request to turn off bedroom lights leads to shutting off every light in and around their home. While the exact cause of these issues is unclear, the common theme is that Google's smart home devices, especially older models, seem to be getting worse over time. Some users suspect that updates related to Google's upcoming Gemini integration are to blame. Others think it could be a deliberate move to phase out older hardware in favor of new devices. Whatever the reason, one thing is clear. Many Google Home users are no longer getting the smart experience they signed up for, and they are not happy about it. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
Tom's Guide
an hour ago
- Tom's Guide
Made by Google 2025 — Pixel 10, Pixel Watch 4 and what else could appear
A date's been set for the next Made by Google event. Now it's just a matter of figuring out which hardware will be appearing at the annual showcase for the company's latest releases. Google sent out invites for the August 20 event last week, marking the second year in a row that Google's launch event would be held in the summer. Previously, Google held its product launches in early October, so that new phones, smart watches and other gear would be on hand for the holiday shopping season. The event takes place at 1 p.m. ET / 10 a.m. PT / 6 p.m. BST on August 20, with Google holding the launch in New York. There's no details yet on a Made by Google live stream, though we'd expect that you'll be able to watch all the product news on Google's YouTube channel. As to what the company plans to announce at Made by Google, there's not a lot of mystery as to potential product launches. New Pixel phones always seem to be the centerpiece of Google's hardware event, and there are enough rumors about the Pixel 10 — including teasers from Google itself — to suggest that a launch is imminent. The timing of Google's August 20 event would also seem to line up with a Pixel Watch release, as Google readies an update to its smartwatch lineup. There's also talk of new accessories at Made by Google as well as a few surprise reveals. We're now less than a month away from Made by Google 2025. Here's a look at all the possible announcements that we know of right now. Check back for updates as we get closer to the event itself. The standard Pixel 10 phone could be the biggest announcement at Made by Google, as it appears to be the recipient of the most significant changes. Specifically, rumors point to the entry-level flagship gaining a dedicated telephoto lens after Google previously restricted that feature to its Pro phones. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Renders for the Pixel 10 certainly show off a third rear lens, though rumors suggest it won't match the resolution of the 48MP zoom camera on the Pro phones. Nevertheless, adding a telephoto lens would put the Pixel on par with the Galaxy S25, another phone in the Pixel's price range that offers a zoom camera. The Pixel 10's ultrawide camera could also turn to a lesser sensor than the one inside in the Pixel 9. As for other changes, we're expecting a Tensor G5 chip that ushers in new AI capabilities. Google's silicon might be moving to a 3nm process, which would mean a boost in performance and power efficiency over the 4nm Tensor G4, though another rumor posits that the G5 will also be a 4nm chipset. While the Pixel 9a dropped Google's distinctive camera bar, that feature seems to be returning based on renders of the Pixel 10. We're once again expecting a 6.3-inch display. Google dropped its own Pixel 10 teaser ahead of the August 20 hardware event, and the back of the phone in Google's image is consistent with all of these rumors — including the probability of a third rear camera appearing on that phone. Besides the Pixel 10, expect a new batch of Pro models, with Google tipped to feature the same sizes as last year. That would mean a 6.3-inch Pixel 10 Pro, a 6.8-inch Pixel 10 Pro XL and a Pixel 10 Pro Fold with a foldable display similar to the design of the just-announced Galaxy Z Fold 7. The Pixel 10 Pro Fold's cover display could be larger, even if the main screen remains at 8 inches. One display change set for the Pro models could be improved Pulse with Modulation Dimming, a change that would combat eye strain. Like the standard Pixel 10, the Pro models are expected to turn to the Tensor G5 chipset, with the added bonus of a vapor cooling chamber to help performance. Google could also be lining up larger batteries for all three Pro models, addressing the longevity gap between Google's Pixel phones and leading flagships from Apple and Samsung. Where Pixel phones debut, Pixel Watches often follow. The 2024 Made by Google hardware event saw the Pixel Watch 3 join the Pixel 9 announcement, so we wouldn't be surprised if the Pixel Watch 4 debuts alongside the Pixel 10 phones. We could be surprised by new features, though as Pixel Watch 4 rumors haven't told us much about what to expect. Leaked renders have hinted at a thicker device that offers thinner bezels. The 41mm and 45mm sizes that debuted with the Pixel Watch 3 are set to return. Other details have hinted at additional buttons and wireless charging support. And we'd count on the Pixel Watch 4 introducing new health and fitness tracking features to make the device a more appealing alternative to the Fitbit business Google is slowly winding down. The Pixel Buds A-Series debuted in 2021 as a lower-cost version of Google's Pixel Bud wireless earbuds. A sequel could be coming at Made by Google in August, with a leak earlier this month promising new colors for what's being called the Pixel Buds 2a. A new color shade has also been tipped for the Pixel Buds Pro 2. Apart from the new colors, there's been no rumors about new features for the earbuds, though leaked pricing indicates a €40 price hike in Europe from the current Pixel Buds A-Series. The new version of Google's phone software arrived earlier than usual this year, meaning that the Pixel 10 phones will almost certainly ship with Android 16 pre-installed. The only question is whether a new software interface will arrive with it. Google previewed Material 3 Expressive in May, showing off the fluid and bouncy look along with added personalization features. At the time, Google said the interface update would show up on software "later this year," and the August 20 Made by Google date would certainly fall in that description, even if the event figures to primarily focus on hardware. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Android Authority
3 hours ago
- Android Authority
Poll: Which leaked Pixel 10 colorway is speaking to you the most?
Android Headlines Google's new Pixel 10 lineup is coming next month, and as usual, leaks are pouring in from all corners. The latest one gives us a sneak peek at four rumored colorways for the standard Pixel 10: Obsidian, Indigo, Frost, and Limoncello. Honestly, we're pretty excited about that palette. Which leaked Pixel 10 colorway do you like the most? 0 votes Obsidian NaN % Frost NaN % Indigo NaN % Limoncello NaN % I don't like any of these colors. NaN % The Indigo color is especially eye-catching, bringing back memories of the limited edition 'Really Blue' from the original Pixel. Meanwhile, Limoncello is a fresh, playful greenish-yellow shade, reminiscent of its namesake Italian liqueur. Frost is also not your typical white, but white with a tinge of purple. Of course, there's also Obsidian for those who like to keep things simple and clean. If these are indeed the colors of the new Pixel 10, we're pretty happy with the choices. Which one of these speaks to you the most? Are you feeling the blue? Or are you more of a Limoncello person? Take our poll and let us know more in the comments below. You might also want to check out the results of a company-wide poll we conducted about our favorite Pixel colorways. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
