Risky Bulletin Sponsored: Hardening the browser
Jun 15, 2025
Michael Leland, the Field CTO of Island, dives into the critical need for secure browsing in enterprises. He discusses how traditional browsers fall short, especially against threats from malicious extensions and phishing attacks. Leland emphasizes the importance of enforcing Manifest V3 to ensure tighter controls on extension permissions. Moreover, he highlights proactive measures like multi-factor authentication and specialized enterprise browsers to safeguard corporate credentials, proving that even stolen credentials don't have to lead to disaster.
AI Snips
Chapters
Transcript
Episode notes
Enterprise Browser vs Consumer Browser
- Consumer browsers are not built with enterprise-grade security or data protection in mind.
- Enterprise browsers remove consumer code vulnerabilities and add specialized security and user experience features.
Cyber Haven Extension Compromise
- A compromised Cyber Haven extension was manipulated and uploaded malicously to the Chrome store.
- About 400,000 users downloaded it exposing tokens, cookies, and credentials.
Control Extension Permissions
- Govern where and when browser extensions operate to reduce attack surface.
- Disable risky extensions in sensitive business applications and isolate data in a secure enclave.