Browser extensions are leaking private data about your organization. Many request an excessive amount of data from users and resell it. Some even track every URL your users visit.
For consumers, this kind of visibility into internet usage is a major violation of privacy. But in enterprise, it’s much worse. URLs collected from extensions can expose:
- Your product and design roadmap
- Your sales targets
- Details about your internal infrastructure
- Credentials and tokens
- Business metrics (e.g. number of customers)
These are sold by "market research" firms to … anyone.
This means your Sales, Design, Engineering and other teams are potentially leaking critical business data that can be used for competitive corporate espionage, infiltration by hackers, or other hostile exploitation.
That’s why we’re launching Extension Monitor to help IT and Security teams track browser extension installations in real-time. Extension Monitor is easy to install, gives you organization-wide visibility into installed browser extensions, and determines which ones need to be removed.Extension Monitor is launching today with support for Chrome on both macOS and Windows and will soon be adding Firefox, IE, Safari, Brave, and others. Sign up today!
Do you know what extensions your internal users have installed and what permissions they’ve given away?
Many knowledge workers in your organization use some sort of browser extensions to do their jobs. Extensions represent a huge productivity boost to their users, so a draconian restriction on all extensions will not only frustrate your employees, but also impact executing on the goals of the company. The solution is to weed out the extensions leaking data from the safe ones. But with about 200,000 Chrome extensions and growing, it’s impossible for IT teams to keep up with researching and allow-listing or block-listing them. We’re here to help sort that out.
User-installed browser extensions are an often overlooked vector of attack and entry into organizations. Get started now with Extension Monitor to gain visibility into your internal users’ extensions and immediately begin reducing your organizations attack surface.
Future posts will dive deeper on specific threats. Sign up to get notified when new posts become available.