
Browser Extensions and GenAI: The Silent Vector Stealing Sessions, Prompts and Corporate Data

By Adrián González · CEO · Published: 05 June 2026 · Updated: 05 June 2026
Browser extensions with GenAI features capturing sessions, prompts and corporate data inside the enterprise browser

The browser has quietly become one of the most important attack surfaces in the modern enterprise. For years it was treated as just a window to the web, but today it concentrates the bulk of daily work — email, CRM, ERP, ticketing, documentation, Microsoft 365, Google Workspace, SaaS apps, cloud portals and generative AI tools.

This completely changes the risk model. The browser is no longer just a viewer. It's where users authenticate, keep sessions open, copy and paste sensitive data, authorise applications, consult documents, enter credentials and work with assistants like ChatGPT, Copilot, Gemini, Claude, DeepSeek and Perplexity.

In that context, browser extensions are no longer a minor detail. A malicious, compromised, or simply over-permissioned extension can become a privileged observer inside the very environment where the company works.

It can look like an innocent tool that summarises emails, translates text, polishes messages or connects to a GenAI assistant. But with broad permissions it can also read page content, watch forms, capture prompts, interact with SaaS apps, access browsing data or send information to external servers.

The problem is not theoretical. Recent international research has documented browser extensions with GenAI branding that intercepted prompts, monitored emails, exfiltrated passwords and stole conversations from services like ChatGPT and DeepSeek. The trend is clear: attackers are leveraging the rapid adoption of AI to distribute extensions that look productive but introduce real risk inside the browser.

For an enterprise, this turns browser security into a top-tier concern. MFA, EDR and password policies are not enough on their own. If users live every day inside an authenticated web session, and that session can be observed by an extension nobody has reviewed, there is an attack surface that needs governance.

Why the browser is the new enterprise perimeter

The classic network perimeter lost most of its weight when critical applications moved to the cloud. Today many organisations no longer reach their systems from a closed internal network — they reach them from a browser authenticated against dozens of SaaS services.

That means a meaningful share of risk has shifted to identity, session and device. A user might be off-site, on a personal laptop, with a browser synced to a personal account, simultaneously accessing corporate email, CRM, internal documentation and AI tools.

In that scenario the browser becomes the convergence point of identity, data and applications. If an attacker can influence what happens inside the browser, they can bypass controls that were traditionally considered sufficient.

For example, an organisation may have MFA enabled on Microsoft 365 and still suffer a compromise if an already-authenticated session is stolen. It may have document classification policies but lose control when users paste sensitive content into unevaluated AI extensions. And it may have EDR deployed correctly but lack visibility over which extensions are installed, what permissions they hold, and what data they can see.

This is why enterprise browser security should be part of a modern strategy that combines identity and Zero Trust posture, SaaS protection, and continuous SOC operation.

What makes a browser extension dangerous

A browser extension is code that runs inside the environment where the user browses and works. Not all extensions are dangerous, but many need broad permissions to operate — and that's where the problem starts.

An extension can request permission to read and modify visited pages, observe URLs, access tabs, interact with forms, communicate with external servers or inject scripts. In some cases these permissions are necessary for the promised functionality. In others they are excessive or simply abusive.

From a security standpoint, a high-privilege extension looks like a small privileged application running inside the browser. It can see content before it reaches corporate control systems, operate inside an already-authenticated session, and interact with critical applications without the user noticing anything unusual.

The hard part is that the risk is not always evident. An extension can have good design, thousands of installs, positive ratings and a convincing description. It can be published in an official store. None of that guarantees it behaves appropriately in a corporate environment.

Extensions are not static either. A single update can introduce new behaviour, request more permissions, or change ownership. Something acceptable today can become a risk tomorrow if its supply chain or its developer is compromised.

GenAI accelerated the problem

The rise of generative AI multiplied the appeal of this vector. Extensions appeared promising to summarise emails, answer messages, translate documents, polish text, automate LinkedIn, plug language models into any page or surface ChatGPT inside web forms.

The catch is that, to deliver those features, many extensions need access to exactly the data an enterprise wants to protect: emails, documents, conversations, CRM, tickets, prompts, generated answers, forms, internal pages and clipboard content.

This expands the Shadow AI conversation. It's no longer enough to ask which AI tools employees use. You also have to ask which AI-related extensions are installed in their browsers, what permissions those extensions hold, what data they can read, and whether security, legal or compliance has ever evaluated them.

An AI extension that summarises emails is reading email. An extension that helps write proposals is reading commercial content. An extension that improves prompts can capture every prompt. An extension that operates across the whole browser can observe more than the user realises.

This connects directly to the broader risk space we cover in our AI security for companies service — the same governance gaps that affect AI agents, MCP integrations and corporate copilots.

The critical risk: session theft, even with MFA

MFA remains an essential control. It dramatically reduces password-theft risk and should be in place across any corporate environment. But MFA does not solve every session-hijack scenario.

The reason is simple: MFA mainly protects the moment of authentication. Once a user has logged in, the browser receives cookies, tokens or artefacts that keep the session active. If an attacker can steal or replay those elements, they can reach the account without knowing the password and without necessarily repeating the full authentication flow.

That's why infostealers and malicious extensions are so dangerous. The goal is no longer always to steal the password. Sometimes the goal is to steal the session.

The attack chain can start with something as simple as installing a seemingly useful extension. The user logs into email, CRM or a SaaS tool. The extension, with sufficient permissions or malicious behaviour, observes content, captures data or interacts with the session. The attacker then tries to use that information to gain access, move laterally between services, download data or prepare a more targeted fraud.

A mature identity strategy shouldn't stop at "we have MFA". It should also review session lifetime, token revocation, conditional access, device compliance, infostealer protection, anomaly detection and extension control. For organisations running primarily on Microsoft 365, a focused Microsoft 365 security audit usually surfaces these gaps quickly.

Not all dangerous extensions are the same

It's worth resisting the simple narrative that risk only comes from extensions built from day one to steal data.

There are outright malicious extensions designed to impersonate productivity tools, AI assistants, translators, downloaders or browsing utilities. Their goal is clear: steal information, intercept content, exfiltrate data.

But there are also legitimate extensions that become dangerous over time. That can happen if the developer sells the extension, if their account is compromised, if a malicious update is introduced, or if a third-party library with abusive behaviour is added.

Another common case is the over-permissioned extension. It may not act maliciously, but it requests more access than it should. In a corporate environment, that's already a risk. An extension that can read and modify every page visited by a user with access to email, CRM and internal documentation should be reviewed with the same rigour as any other corporate application.

Abandoned extensions also exist: those without clear maintenance or updates, or with old dependencies. In security, unmaintained software always becomes a problem eventually. The browser shouldn't be the exception.

Finally, AI extensions that never went through any governance process are particularly sensitive. They tend to sit close to high-value data: prompts, email, documents, chats, CRM and commercial information. They don't necessarily need to be banned by default, but they shouldn't be installed without evaluation.

Why official stores are not a sufficient guarantee

A frequent mistake is assuming that an extension published in an official store is automatically safe. Official stores reduce risk but don't eliminate it.

There are several reasons. Automated review can miss subtle malicious behaviour. An extension can change after approval. Abusive behaviour can be triggered only on certain domains or for certain user profiles. Exfiltration can be disguised as telemetry. And browser permissions are, by design, very powerful when the user accepts them.

The average user also doesn't fully understand the scope of those permissions. When an extension asks to "read and change data on the websites you visit", the enterprise implication can be enormous. If that user accesses corporate email, internal documentation, CRM, financial applications or AI tools, the extension lands in a privileged observation position.

So in enterprises, trusting the marketplace is not enough. There needs to be an internal extension policy with inventory, approval, permission review, technical blocking and monitoring.

What corporate data can be exposed

The impact of a poorly controlled extension depends on where it's used and what permissions it holds. In an enterprise, the browser can contain a very significant slice of daily activity.

A risky extension could observe emails, attachments, commercial proposals, customer conversations, support tickets, personal data, credentials entered into forms, CRM content, ERP dashboards, financial information, contract documentation, prompts sent to AI tools and answers generated by models.

In regulated sectors this risk also carries compliance implications. It's not just a technical leak — it can affect GDPR, ENS, ISO 27001, DORA, NIS2, PCI DSS or contractual commitments with customers.

For that reason, browser security should not be treated as a user preference or a minor support task. It is a cross-cutting control covering security, privacy, compliance and continuity.

How this risk should be governed

The first step is to accept that extensions are corporate software. If an extension can run inside the browser that accesses critical applications, it must be subject to policy, inventory and review.

The organisation should know which extensions are installed, for which users, on which devices, with which version, with which permissions, who the publisher is, when they were last updated and whether they are actually approved. Without that inventory, governance is impossible.

Next comes the authorisation model. In low-risk environments it may be enough to block specific categories and review exceptions. In environments with sensitive data, privileged users or demanding compliance, the recommended model is an allowlist — only approved extensions are allowed and everything else is blocked by default.

Permission review is the most important point. Approving an extension by name is not enough. You have to understand what it can do. If it requests access to all sites, read-and-modify on pages, tab interaction or external communication, there has to be a clear justification.

For AI extensions, the evaluation should be even stricter. Who is the provider? What data does it process? Does it retain prompts? Does it use information for training? Does it offer enterprise terms? Does it support centralised admin? Does it align with internal data protection policy?
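The inventory, allowlist and permission-review steps above can be combined into one check, shown here as an added example (not code from the original article or from Hard2bit). The record layout, extension IDs, names and devices are constructed; the manifest keys and permission strings are the ones Chrome extensions declare. It also covers the update case mentioned earlier, where an approved extension later requests more access than was reviewed.

```python
import json

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extension API permissions that expose sessions, page content or traffic.
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "tabs", "history",
                  "clipboardRead", "debugger", "nativeMessaging"}


def requested_access(manifest):
    """Collect everything a manifest asks for (Manifest V2 and V3 layouts)."""
    access = set()
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        access.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts can read and modify pages matching these patterns.
    for script in manifest.get("content_scripts", []):
        access.update(script.get("matches", []))
    return access


def review(record, allowlist):
    """Return (decision, reasons) for one inventory record."""
    access = requested_access(json.loads(record["manifest_json"]))
    reasons = []
    if access & BROAD_HOSTS:
        reasons.append("all-site access: " + ", ".join(sorted(access & BROAD_HOSTS)))
    if access & SENSITIVE_APIS:
        reasons.append("sensitive APIs: " + ", ".join(sorted(access & SENSITIVE_APIS)))
    approved = allowlist.get(record["extension_id"])
    if approved is None:  # default-deny: anything unknown is blocked
        return "block", ["not on allowlist"] + reasons
    drift = sorted(access - set(approved["approved_access"]))
    if drift:  # an update asked for more than was approved
        return "re-review", ["added since approval: " + ", ".join(drift)] + reasons
    return "allow", reasons


# Constructed sample data: IDs, names, devices and manifests are invented.
ALLOWLIST = {
    "b" * 32: {"approved_access": ["storage", "activeTab"]},
    "c" * 32: {"approved_access": ["storage", "activeTab"]},
}
INVENTORY = [
    {"extension_id": "a" * 32, "name": "Mail Summariser AI", "device": "LAPTOP-017",
     "manifest_json": json.dumps({
         "manifest_version": 3, "version": "1.4.0",
         "permissions": ["storage", "scripting", "cookies"],
         "host_permissions": ["<all_urls>"]})},
    {"extension_id": "b" * 32, "name": "Corp Password Helper", "device": "LAPTOP-017",
     "manifest_json": json.dumps({
         "manifest_version": 3, "version": "2.0.1",
         "permissions": ["storage", "activeTab"]})},
    {"extension_id": "c" * 32, "name": "PDF Helper", "device": "LAPTOP-022",
     "manifest_json": json.dumps({
         "manifest_version": 3, "version": "3.0.0",
         "permissions": ["storage", "activeTab", "tabs"],
         "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}]})},
]


def audit(inventory, allowlist):
    """Map each extension ID to its (decision, reasons) pair."""
    return {r["extension_id"]: review(r, allowlist) for r in inventory}


if __name__ == "__main__":
    for ext_id, (decision, reasons) in audit(INVENTORY, ALLOWLIST).items():
        print(ext_id[:8], decision, "; ".join(reasons))
```

The third record is the one a name-only approval would miss: the extension is on the allowlist, but its current manifest adds `tabs` and an all-HTTPS content script that were not part of the approved baseline.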

Conditional access and managed browsers

Extension control gains real strength when integrated with identity and conditional access. Accessing a critical application from a managed browser, on a compliant device with approved extensions, is not the same as doing it from a personal profile with unknown extensions.

Conditional access policies should consider device state, browser, user risk, location, application sensitivity and endpoint compliance. For critical applications it may make sense to restrict downloads, limit sessions, require managed devices or block access from non-compliant browsers.

This approach connects naturally with an IAM and cloud posture review and with a focused Microsoft 365 security assessment, especially in organisations that rely on Exchange, SharePoint, OneDrive, Teams, Entra ID and integrated SaaS apps.

OAuth grants: the risk that persists after you close the tab

Many extensions don't limit themselves to operating inside the browser. Some request OAuth authorisation to access Google Workspace, Microsoft 365, Slack, CRMs or other platforms. That introduces a second layer of risk: the connected application.

An extension can disappear from the browser and still leave persistent authorisations if the user granted OAuth permissions. Reviewing extensions without reviewing authorised applications is therefore an incomplete defence.

The security team should monitor which applications have permissions, which users authorised them, whether they require admin consent, whether they are verified applications, which scopes they use, and whether those permissions are still necessary.

This is especially important in environments where users install productivity or AI tools that connect to email, calendar, documents or CRM. The convenience can end up creating persistent access that's hard to detect without monitoring.

DLP in the browser and GenAI usage

A meaningful share of the risk doesn't come from malware but from normal use of web tools. A user can paste sensitive information into an AI extension to summarise, improve or translate it. They can also upload a document to an external tool with no malicious intent.

Control must therefore combine prevention, education and technology. The goal is not to block all productivity but to prevent sensitive data from leaving the organisation without any criteria being applied.

In companies with regulated information or relevant intellectual property, it may make sense to apply browser DLP, control file uploads, limit copy/paste in unauthorised applications, separate approved AI tools from public tools, and log relevant events for investigation.

The key is that the policy must be understandable. If the organisation only bans things, users will look for workarounds. If it offers approved tools and explains which data can be used, risk drops without blocking innovation.

What the SOC should see

The SOC needs enough telemetry to detect anomalies related to browser, identity and SaaS. Without visibility, a malicious extension can operate for weeks without producing clear alerts.

Some signals are particularly useful: new extension installations, permission changes, use of non-approved extensions, SaaS access from unmanaged browsers, creation of new OAuth applications, suspicious refresh tokens, off-pattern activity, mass downloads, traffic to unusual domains and EDR alerts related to infostealers.

These signals should be correlated across identity, endpoint, proxy, CASB/SSE, Entra ID, Google Workspace, EDR and SIEM. A single event may not say much. The combination of a new extension, broad permissions, email access, external domain communication and anomalous session activity certainly justifies investigation.
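A sketch of that correlation as detection logic, added here as an example (not code from the original article or from Hard2bit). The event type names, sources, the 72-hour window and the threshold of three distinct signals are assumptions; a real SIEM rule would use the field names of its own log sources.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=72)  # assumed correlation window
THRESHOLD = 3                 # distinct signal types needed to open a case

# Hypothetical normalised event types mapped to the signals named in the text.
SIGNALS = {
    "extension_installed": "new_extension",
    "extension_permissions_changed": "permission_change",
    "oauth_consent_granted": "oauth_grant",
    "proxy_unusual_domain": "external_domain",
    "signin_token_new_ip": "anomalous_session",
    "mass_download": "mass_download",
}
EXTENSION_SIGNALS = {"new_extension", "permission_change"}


def correlate(events):
    """Open a case when an extension signal is followed, within WINDOW,
    by enough other distinct signals for the same user."""
    by_user = defaultdict(list)
    for e in events:
        signal = SIGNALS.get(e["type"])  # unmapped event types are ignored
        if signal:
            by_user[e["user"]].append(
                (datetime.fromisoformat(e["ts"]), signal, e["source"]))
    cases = []
    for user, items in sorted(by_user.items()):
        items.sort()
        for start, signal, _ in items:
            if signal not in EXTENSION_SIGNALS:
                continue
            window = [i for i in items if start <= i[0] <= start + WINDOW]
            seen = {s for _, s, _ in window}
            if len(seen) >= THRESHOLD:
                cases.append({
                    "user": user,
                    "start": start.isoformat(),
                    "signals": sorted(seen),
                    "sources": sorted({src for _, _, src in window}),
                })
                break  # one case per user is enough to trigger triage
    return cases


def ev(ts, user, source, type_):
    """Build one normalised event (timestamps are UTC)."""
    return {"ts": ts + "+00:00", "user": user, "source": source, "type": type_}


# Constructed sample events; users, sources and timestamps are invented.
EVENTS = [
    ev("2026-06-01T09:12:00", "alice", "browser-mgmt", "extension_installed"),
    ev("2026-06-01T09:30:00", "alice", "entra-id", "interactive_signin"),
    ev("2026-06-01T14:40:00", "alice", "proxy", "proxy_unusual_domain"),
    ev("2026-06-02T03:05:00", "alice", "entra-id", "signin_token_new_ip"),
    ev("2026-06-02T03:20:00", "alice", "m365-audit", "mass_download"),
    # bob: the second signal arrives outside the window, so no case.
    ev("2026-06-01T10:00:00", "bob", "browser-mgmt", "extension_installed"),
    ev("2026-06-09T10:00:00", "bob", "proxy", "proxy_unusual_domain"),
    # carol: session anomalies without any extension signal; other rules' job.
    ev("2026-06-03T08:00:00", "carol", "entra-id", "signin_token_new_ip"),
    ev("2026-06-03T08:10:00", "carol", "m365-audit", "mass_download"),
]

if __name__ == "__main__":
    for case in correlate(EVENTS):
        print(case)
```

Only the first user produces a case: each of that user's events is weak on its own, but four distinct signals from four sources inside one window is the combination the paragraph above describes.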

This kind of monitoring fits naturally with a managed SOC, threat hunting capabilities and rapid incident response.

How to respond when a malicious extension is detected

When a malicious or high-risk extension is detected, response should not stop at uninstalling it. If the extension had broad access, assume it may have observed data or sessions.

Containment should include endpoint isolation when warranted, removal of the extension, persistence review, traffic analysis, session revocation, token revocation, review of authorised OAuth applications and analysis of recent activity across SaaS apps.

In Microsoft 365 environments, also review mail rules, forwarding, anomalous logins, MFA changes, application creation, suspicious consent and download activity. If data exfiltration is suspected, the incident response procedure should be activated alongside the relevant legal assessment.

The important lesson is that the extension may have been the entry point, but the incident can continue inside identity, session, or connected applications.

A realistic attack chain

Picture a simple case. An employee installs an extension that promises to summarise emails and improve replies with AI. The extension looks good, is installed from an official store, and requests broad permissions to read pages and communicate with external services.

The user accesses Microsoft 365, CRM and AI tools every day. The extension observes some content, captures prompts, and records browsing activity. At some point it exfiltrates session data, sensitive content, or enough information to prepare a follow-on attack.

The attacker doesn't need to brute-force their way in. They can use the captured information to hijack a session, run highly targeted phishing, request OAuth consent, search for data in mailboxes or pivot across SaaS applications.

If the company doesn't control extensions, doesn't monitor OAuth grants and lacks session telemetry, it can take a long time to understand what happened. If, on the other hand, it has a managed browser, allowlist, conditional access, EDR, CASB/SSE and SOC, the chain can be cut much earlier.

Useful metrics for leadership and steering committees

To bring this risk to a steering committee, it needs translation into metrics. Saying "we have a lot of extensions" is not enough. Exposure and trend need measurement.

Useful indicators include the total number of installed extensions, the percentage of approved extensions, the number of extensions with critical permissions, the number of detected AI extensions, privileged users with non-approved extensions, high-privilege OAuth applications, SaaS access from non-compliant devices, and average time to remove an unauthorised extension.

These metrics turn a technical problem into a governance conversation. They also help to demonstrate continuous improvement in audits and compliance reviews.

Relationship with NIS2, DORA, ENS and ISO 27001

Browser extension security doesn't usually appear as a control with that exact name, but it relates to several common compliance areas: software control, access management, malware protection, endpoint security, monitoring, vulnerability management, information protection, incident response and awareness.

In NIS2, DORA, ENS or ISO 27001 projects, this risk can be integrated into access governance, endpoint protection, SaaS management, change control and incident response.

The message for auditors is clear: the organisation doesn't just control users and devices — it also controls the software running in the environment from which corporate data is accessed.

Where Hard2bit Scanner fits

The extension risk lives mainly inside the browser, endpoint and SaaS layer. Even so, security has to be looked at holistically.

Before reviewing what happens inside the session, it's worth understanding what the organisation exposes publicly to the internet: DNS, TLS, HTTP headers, email security, visible technologies, subdomains, security.txt, robots.txt and signals related to AI agents.

For that first external snapshot you can audit your domain's public posture for free with Hard2bit Scanner.

It doesn't replace an internal audit of browser, IAM or endpoint, but it helps to complete the external exposure picture and to prioritise actions.

How Hard2bit can help

At Hard2bit we help companies reduce real-world risk by connecting technical security, operations and compliance.

The risk of browser extensions and GenAI requires a combined view: Microsoft 365 analysis, IAM and cloud posture review, SaaS and Shadow IT control, managed detection from a SOC, threat hunting, incident response, AI security and audit-ready evidence.

If your organisation wants to assess this risk, define an extension policy, review OAuth grants, improve session-hijack detection or govern GenAI usage, you can talk to a Hard2bit expert.

Conclusion

Browser extensions have moved from small personal utilities to a corporate attack surface. GenAI adoption has accelerated the problem because many extensions promise productivity in exchange for access to email, documents, prompts, sessions and SaaS applications.

The risk is not solved by a single measure. It requires inventory, policy, permission control, managed browsers, conditional access, OAuth grant review, DLP, SOC telemetry and response capability.

MFA remains essential, but it's not enough if an already-authenticated session can be observed, stolen or abused. Modern security has to protect not only the password, but the session, the browser and the connected applications.

The question every company should ask isn't only whether its users have extensions installed. The real question is: do we know which extensions they have, which permissions they've granted, and which corporate data those extensions can see?

If the answer isn't clear, this is the moment to review the risk — before a seemingly useful extension turns into the entry point of an incident.

Disclaimer: The threats described in this article must be assessed in the context of each organisation's technical, legal and operational situation. Not every extension with broad permissions is malicious, but they all require governance, review and control proportional to the data and applications the user accesses. This article is informational and does not replace a technical audit, configuration review, pentest or formal compliance assessment. For risk interpretation and definition of concrete measures, specialised advice is recommended.

Frequently asked questions

What is a malicious browser extension?

A malicious browser extension is an add-on installed in the browser that performs unauthorised actions — capturing data, reading pages, intercepting forms, stealing sessions, exfiltrating credentials, sending information to external servers or operating across authenticated SaaS apps. It can be designed from day one to act this way, or become malicious over time through an update, a sale of the project, a compromised developer account or an abusive third-party library introduced into the supply chain.

Why are GenAI extensions a risk for enterprises?

GenAI extensions typically need access to emails, documents, web pages, forms or prompts in order to summarise, rewrite or automate. If they are not properly evaluated, they can read sensitive corporate content, capture prompts and responses, store data on external services, use information for training or expose data outside the approved governance perimeter — all without the user realising the actual scope of what's happening inside the browser session.

Can an extension steal sessions even when we have MFA?

Yes. MFA mainly protects the authentication moment. Once authenticated, the browser holds cookies, tokens or session artefacts. If a malicious extension or an infostealer accesses those elements, an attacker can attempt to replay an already-authenticated session without knowing the password and without necessarily triggering MFA again. That is precisely why infostealers and high-permission extensions are so dangerous in modern threat models.

Is it safe to install extensions from official stores?

Official stores reduce risk but do not eliminate it. An extension can change behaviour after approval, request excessive permissions, be compromised after publication, exfiltrate data subtly disguised as telemetry, or be acquired by a different owner with different intentions. For enterprise use, trusting the marketplace alone is insufficient. Internal policy, inventory, permission review and technical controls are necessary regardless of whether the source is an official store.

What controls should an enterprise apply?

An enterprise should maintain an extension inventory, apply an allowlist, review permissions before approving, block non-approved extensions, separate personal and corporate browser profiles, specifically control AI extensions, monitor OAuth grants, deploy managed browsers where relevant, apply conditional access policies, integrate telemetry with the SOC and define a response procedure when a malicious or high-risk extension is detected. The level of rigour should match the sensitivity of the data accessed via the browser.

How does this relate to Shadow AI?

Shadow AI isn't only about employees using unapproved AI tools. It also includes browser extensions that connect to generative models, capture prompts or process corporate data without governance. A complete Shadow AI strategy must include the browser layer: which extensions are installed, what data they access, what they send to which providers, and whether they comply with internal data protection and contractual policies.

How can Hard2bit help?

Hard2bit can help review the security of Microsoft 365, IAM and cloud posture, SaaS environments, extensions, GenAI usage, SOC detection, incident response and compliance. Hard2bit Scanner also lets you analyse your domain's public security posture in 60 seconds, free, against 25 controls including the 11 emerging AI Agent Readiness standards. Both internal audit and external posture combine into a single coordinated risk-reduction view.