If you’re like most of us, you’ve downloaded the perfect browser extensions to make your job easier, whether that’s time-saving keyboard shortcuts or improved functionality and extra features beyond what comes standard with your web browser.
But what would happen if, in doing so, you introduced malware that spies on your company’s devices and tracks your employees’ browser history?
Well, that’s just what happened to millions of people who were caught up in a recent malicious browser extension cyberattack.
Browser extensions, also commonly known as add-ons or plug-ins, allow individual employees to check their grammar, compare product prices, protect passwords, control email flow, automate scheduling, translate text, get weather forecasts, add emojis, record video, and perform many other functions for a customized browser user experience.
They have become so embedded in today’s workplace environments that they’re now considered to be indispensable tools that help millions of people do their jobs more quickly and easily.
In fact, 99 percent of employees are running browser extensions, according to a newly released Enterprise Browser Extension Security Report 2025 by browser security firm LayerX.
Despite their widespread use, web browser add-ons can also potentially expose your organization’s sensitive personal information and proprietary business data to cybercriminals looking to exploit such information for financial gain.
In this article, we’ll explain how bad actors were able to carry out the most recent browser extension attack. We’ll also explore some of the advantages of browser extensions and detail best practices to protect your business against the security risks they present.
With this information, your team will be able to continue enjoying the benefits of browser add-ons, while having the information needed to spot the red flags and keep your business and data safe.
Browser extensions have exploded in popularity. Workers have come to rely on them to streamline workflows, boost productivity, manage internal and external communication, simplify repetitive tasks—and much more.
In fact, there are currently more than 100,000 browser add-ons, with Google Chrome being the most popular web browser. They range from IT security tools to simple keyboard shortcuts, and everything in between.
Some popular browser extensions include:
While they can make tasks easier and faster to complete, browser extensions also come with significant risks.
In the latest browser hijacking campaign, millions of Google Chrome and Microsoft Edge users were fooled by a malicious dupe of a legitimate Chrome color picking tool.
The add-on is used to simplify matching and selecting a color from an image and applying it to a design to create a uniform color scheme.
The tool, called “Color Picker, Eyedropper — Geco colorpick” even displayed Google’s verified badge to further increase believability. In addition, it was prominently featured in the Chrome Web Store, thanks to its high user rating.
Following the malicious extension update on June 27, the fake add-on was downloaded more than 100,000 times. Researchers later discovered that 18 add-ons were corrupted, including extensions for VPNs, YouTube unblockers, weather forecasts, and more.
In all, an estimated 2.3 million end users across Chrome and Edge were impacted, according to published reports.
Users were none the wiser about the deception because the tool functioned as usual.
This is not the first time this type of cyber incident has happened. In a similar supply chain cyberattack earlier this year, about 2.6 million users worldwide were affected.
In that attack, which targeted 33 Chrome extensions, threat actors launched a large-scale phishing campaign in which they sent out fake emails pretending to be from Google’s Chrome Web Store.
Instead, the phishing emails contained malicious links that redirected unsuspecting users to sites controlled by the attackers, who then stole their credentials.
Although browser extension security has been an ongoing concern, those security risks are amplified because of the more sophisticated tools being used by cybercriminals. Attackers often use complex trojan horses that masquerade as authentic browser extensions and morph into malware that can infect your systems.
Such stealth attacks can allow threat actors to track your online activity, compromise your data, steal session tokens and cookies to hijack user sessions, and launch malicious code to further the attack through ransomware, spyware, or other backdoor methods.
Of the millions of users running browser extensions, over half (52 percent) are using more than 10 add-ons, according to the LayerX report findings.
In addition, the report found that 53 percent of the add-ons that were running in enterprise environments were granted “high” or “critical risk” access permissions.
Browser add-ons can expose user information such as cookies, passwords, and browsing history. Since Chrome automatically updates browser extensions in the background, such broad access could potentially leave your business vulnerable.
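An added example, not taken from the original article or the LayerX report: a Python script that reads an extension's manifest.json, rates the access it requests, and lists what an update newly asks for. The risk tiers, function names and the two sample manifests are assumptions constructed for illustration.

```python
import json

# Assumed tiers for this example; this is not LayerX's scoring model.
SENSITIVE_APIS = {"cookies", "history", "tabs", "webRequest", "scripting",
                  "debugger", "management", "clipboardRead", "downloads"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def requested(manifest):
    """Collect every API permission and host pattern a manifest asks for."""
    found = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        found.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts reach pages through "matches" without a listed permission.
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found

def risk_level(manifest):
    """critical: sensitive APIs on every site; high: either one; low: neither."""
    perms = requested(manifest)
    apis, hosts = perms & SENSITIVE_APIS, perms & BROAD_HOSTS
    if apis and hosts:
        return "critical"
    return "high" if apis or hosts else "low"

def added_by_update(old, new):
    """Permissions and host patterns present in the new version only."""
    return sorted(requested(new) - requested(old))

# Constructed sample manifests: the same hypothetical extension before and
# after a background update that widens its access.
V1 = json.loads("""{"name": "Example Color Picker", "version": "1.0",
  "manifest_version": 3, "permissions": ["activeTab", "storage"]}""")
V2 = json.loads("""{"name": "Example Color Picker", "version": "1.1",
  "manifest_version": 3,
  "permissions": ["activeTab", "storage", "tabs", "cookies"],
  "host_permissions": ["<all_urls>"]}""")

if __name__ == "__main__":
    for m in (V1, V2):
        print(m["name"], m["version"], "->", risk_level(m))
    print("newly requested:", added_by_update(V1, V2))
```

An update that stays within permissions the extension already holds produces an empty diff, so this check is one signal alongside monitoring of extension behavior, not a replacement for it.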
Once attackers gain unauthorized access to your systems, this can create an opening for them to launch future attacks by redirecting other web searches to fake sites.
Keep in mind, however, that Google and Edge aren’t alone in such attacks. Mozilla Firefox, the open-source web browser Chromium, and even content management sites such as WordPress have all been affected, among others.
Attackers have sharpened their skills in being able to exploit security weaknesses—including human trust—by secretly injecting malicious code into what were previously safe (whitelisted) browser extensions.
In this way, once-popular and approved browser add-ons can be corrupted, giving threat actors a chance to infiltrate your systems and steal or compromise your data.
This means that implicit trust is no longer an option.
To help safeguard your proprietary business data and the sensitive personal information of your employees, customers, and partners, here are some effective security measures:
After reading this article, you now understand how web browser extensions can be a double-edged sword.
While they provide many conveniences, streamline functionality, and boost productivity, they also carry increasingly significant security risks to your business.