Risky Bulletin Sponsored: The challenge of managing browser extensions
Sep 14, 2025
David Cottingham and Daniel Schell from Airlock Digital shed light on the complexities of managing browser extensions in enterprise settings. They discuss the security risks posed by third-party extensions and the crucial need for better oversight. The duo dives into the importance of a reliable extension management strategy, effective asset inventory, and the role of collaboration with security vendors. They also highlight Airlock's innovative features for enhanced control and integration, making it easier for organizations to navigate these challenges and protect sensitive data.
AI Snips
Chapters
Transcript
Episode notes
Browser Extensions Create A Shadow Environment
- Browser extensions create a second operating environment inside the browser that bypasses traditional enterprise visibility.
- Third-party extensions can exfiltrate data and run code outside the hardened browser shell.
AI And Low‑effort Extensions Drive Risk
- The AI extension boom and easy 'vibe coding' mean many extensions lack security design.
- Browsers expose around 97 extension permissions, including high-risk capabilities like screen capture and desktop access.
Adopt Allow‑Listing For Extensions
- Do apply application allow‑listing for browser extensions and only permit a vetted set.
- Deny-by-default reduces reliance on store policing and stops users choosing risky extensions.