Much of a developer’s work now lives in the browser, with tabs for GitHub, cloud consoles, CI/CD, and internal tools all authenticated and open at once. Browser extensions sit on top of this environment with broad permissions, often including access to page content, network requests, and session data. That combination makes them one of the most attractive targets for attackers.
A single browser extension played a large part in the attack chain in the Vercel breach earlier this year, and it won't be the last time. This article covers how extensions actually work, why the controls most organizations rely on fall short, and what does work at both the individual and organizational level.
I’ll be brief on definitions, but in short, browser extensions expand your browser's functionality in fun ways by installing software with serious browser privileges.
Extensions are built on web APIs and run inside the browser process itself. A manifest.json file declares what permissions the extension wants at install time. Background service workers run persistently, handling network requests and communication with external servers. Content scripts inject into the page DOM separately, giving an extension direct access to everything rendered in the browser.
When you grant an extension access to "all sites," you're giving it read and write access to every page the browser loads, including authenticated sessions, form inputs, and API responses in transit. They can see a lot. Extensions can't crack open a password manager's vault directly, but they don't need to. With the right host permissions and content script injection, they can intercept autofill events and read form field values before submission. They can capture credentials as you type if passwords are in plain text in the HTML source code (which happens more than one would hope).
Another security issue with browser extensions is that they update silently and automatically, with no prompt for consent. Unlike most software that bugs you to approve updates, the only time an extension will notify you is if it needs additional permissions beyond what it already has. An extension that was clean last month could receive a malicious update tonight, and every user with it installed would get it automatically.
People have been saying “the browser is the new desktop” since at least the launch of Chrome, and it’s not far off for developers. If that’s true, then extensions are the applications running on that desktop, with access to GitHub and AWS consoles.
Cookies are one of the vulnerable pieces. Session cookies can be exfiltrated and replayed, giving an attacker access to everything the victim is authenticated into from anywhere. So to an attacker, persistent access to authenticated browser sessions is pretty valuable. Glassworm is an ongoing supply chain attack that has compromised hundreds of projects across GitHub, npm, and VS Code. In a 2026 development, discovered by Aikido's security research team, the campaign deployed a malware that specifically installed a browser extension to steal session cookies and tokens from browser sessions. The attacker knew an extension would be an easy way to steal that data!
It’s also relatively easy to create and publish bad extensions. For the most part, the Chrome Web Store vetting process is minimal, and updates to already-published extensions receive little scrutiny after the initial review. For example, researchers in India built and submitted actual malicious extensions to both the Chrome Web Store and Firefox Add-ons Store between January and March 2025, and several got through. They tested nine extension types covering cookie stealing, keylogging, screenshot capture, browsing history tracking, camera activation, ad injection, and Gmail inbox access. Firefox let almost everything through, especially when malicious behavior was bundled inside something that called itself a productivity tool.
Extensions can also quietly be bought and sold. The Great Suspender is the canonical tale of transferring ownership gone wrong. It was a beloved, widely installed tab management extension. The author, exhausted from years of maintaining the extension for no pay, sold it to someone else (the classic story of underappreciated maintainers). The new owner pushed updates that introduced tracking and ad injection. By the time researchers flagged the new behavior, it had been on millions of browsers for weeks.
Browser extensions have been culpable in some major attacks in recent years. Some held malicious payloads, others were simply compromised.
Take the Vercel breach earlier this year. A Vercel employee had previously installed Context.ai's Chrome extension and given it OAuth access to their Google Workspace. Then, an employee of Context.ai installed malware and compromised their accounts. The malware stole credentials and OAuth tokens stored in Context.ai’s backend, including the Vercel OAuth token, then the attacker turned around and used the token to break into Vercel's internal systems.
While other insecure practices are at play here, such as not reviewing and revoking overly powerful and longstanding OAuth authorizations and environment variables that should have been marked as sensitive, the Chrome extension was the entry point. The extension itself wasn’t malicious, but it had access to sensitive data and was compromised.
The Cyberhaven breach in late 2024 is a story of an extension becoming malware, where Cyberhaven's Chrome extension was compromised via a phishing attack on a developer account. A malicious update was pushed to all users and was live for 24 hours before anyone caught it.
In both cases, browser extension access was the first step that made everything else possible.
Many organizations have no formal extension policy. Those that do will often try to either block everything (which developers and tech-savvy people just get around) or rely on a manually maintained allowlist that's always somewhat out of date.
Getting the list curated and up-to-date has some obvious barriers. About half of extension authors are unknown and are validated only with a Gmail address, and 4 out of 5 publishers have only one extension. So, managing extensions based on reputation only works for a small portion of extensions, and even major companies publish extensions that aren’t squeaky clean.
Researchers, as part of an anonymous research report, caught 287 extensions with a combined 37.4 million total installs exfiltrating browsing history. The only way to detect it was behavioral traffic analysis, so just reading the descriptions wouldn’t have flagged them. Many of the extensions involved were familiar names.
Not to mention that extensions can update or change hands silently. It’s impossible to stay current with a manual process of reviewing extensions.
Browser extensions are pretty high risk by the nature of how they work, but we still have ways to make using them safer, without totally banishing them.
On an individual level, there are some straightforward precautions to take:
The above works well for your personal computer or a tiny team, but this doesn’t really scale, nor is it possible to enforce this across a company. At the organizational level, the systems that work look like this:
Not all device management tools support this type of browser extension management, so you need to check the features of your MDM tool to see if it covers them.
Aikido Endpoint is a solution that works for this model for browser extension security. It’s a lightweight agent built for the developer device attack surface that covers these bases. It blocks known malicious extensions before they install, enforces a 48-hour hold on newly published extensions, and gives security teams visibility into what's installed across every developer device, with team-level policy controls and an approval workflow that keeps developers unblocked. Coverage extends beyond browser extensions to npm, PyPI, IDE extensions, and AI agent marketplaces.
The Vercel breach will not be the last incident where browser extensions are part of the kill chain. The attack surface is just too valuable, so both individuals and companies need to be prepared.
The same rigor that gets applied to open source dependencies belongs here, too, and the organizations that treat it that way will be in a much better position than those waiting for an incident to force the conversation.
Learn more about Aikido Endpoint or explore the Aikido Intel feed to see what’s been detected across the open-source ecosystems in real time.
{{cta}}
What makes browser extensions a security risk?
Browser extensions run inside the browser process itself and can request broad permissions at install time. An extension with access to all sites can read page content, intercept network requests, and access authenticated sessions across everything you do in the browser. That includes internal tools, cloud consoles, and any credentials or tokens that pass through a page. The permissions model is powerful by design, and that power is what makes extensions attractive to attackers.
Can a browser extension steal my passwords?
Not always directly, but often effectively. Extensions can’t crack open a password manager's encrypted vault, but they don’t need to. With the right host permissions and content script injection, an extension can intercept autofill events and read form field values before submission. If credentials appear in plain text in the HTML source at any point, an extension with content script access can read them. A sufficiently privileged malicious extension can capture credentials as you type them.
Do browser extensions update automatically?
Yes, and without asking for your consent! Unlike most software that prompts you to approve an update, browser extensions update silently in the background. The only exception is when an update requests additional permissions beyond what was originally granted. A clean extension that receives a malicious update tonight will propagate that update to every user automatically. You would have no way of knowing unless you were actively monitoring extension behavior.
How can I tell if a browser extension is safe to install?
There is no single reliable signal, but there are a few things you can check. Look at what permissions the extension requests and whether they match what the extension actually needs to do. Check if the publisher is well-known. When in doubt, treat the decision the way you would treat adding an unfamiliar dependency to a production codebase.
Why doesn't endpoint detection catch malicious browser extension activity?
Most Endpoint Detection and Response tools miss browser extension threats because everything a malicious extension does looks like Chrome doing normal Chrome things. The network requests and the DOM access happen inside the browser process and is indistinguishable from legitimate browser activity at the system level.
How do I manage browser extension security?
Organizations should prioritize behavior-based controls over identity-based controls. Maintaining a manual allowlist of approved extensions does not account for silent updates or ownership transfers. What works is pre-install blocking against a continuously updated threat intelligence feed, ongoing behavioral monitoring so that changes to already-installed extensions get caught, and company-wide visibility into what is actually installed across devices. Policies also need to account for the fact that engineering, sales, and finance have different risk profiles and different extension needs.
Are Chrome extensions safe? Chrome extensions aren't inherently unsafe, but they carry real risk by design. The permissions model gives extensions broad access to browser activity, and the Chrome Web Store's vetting process is minimal. An extension that looks fine at install time can receive a malicious update, get sold to a new owner, or be compromised through its developer's account. Safe or not depends heavily on the specific extension, its publisher, and what permissions it's asking for.
Can companies monitor browser extensions? Most organizations have limited visibility into what extensions are installed across their fleet and what those extensions are doing. MDM tools can enforce allowlists but don't catch behavioral changes after install. EDR tools miss most extension activity because it's indistinguishable from normal browser behavior at the system level. Dedicated tooling that sits on the device and checks installs against a live threat intelligence feed is the most reliable approach currently available.
How does Aikido Endpoint help with browser security?
Aikido Endpoint sits on the device and inspects every extension install before it happens, blocking known malicious extensions automatically against Aikido Intel, a continuously updated threat intelligence feed. It also enforces a 48-hour block on newly published extensions, which is when new threats are most likely to slip through undetected. Security teams get visibility into what is installed across every developer device, with team-level policy controls and an approval workflow that keeps developers unblocked. Browser extension monitoring is included in Endpoint's paid tier, alongside coverage for npm, PyPI, IDE extensions, and AI agent marketplaces.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。