- Browser extensions can be silent threats, silently harvesting your data without obvious signs
- ExtensionPedia could become the go-to source for vetting browser add-ons before installation
- LayerX exposes a serious security gap that even major app stores consistently overlook
Browser extensions often make browsing easier by blocking ads, autofilling passwords, or providing productivity tools, but they also pose one of the most overlooked security risks in today’s digital ecosystem.
To address this, cybersecurity company LayerX has launched ExtensionPedia, a kind of “Wikipedia for extensions,” aimed at providing in-depth risk assessments for over 200,000 browser extensions across Chrome, Firefox, and Edge.
Internet users typically rely on app stores to vet these extensions and ensure they are safe. However, LayerX claims that these stores “only do a superficial job of vetting extensions.” While they scan for malware and obvious red flags, they do not investigate behavioral patterns or the ownership lineage of extension code.
Extra scrutiny for browser extensions
“When someone installs a browser extension - either for personal or work use - users and their organizations have no idea what permissions the extension has, how reputable the author is, or the extension’s overall risk profile,” said Or Eshed, co-founder and CEO of LayerX.
This has created a loophole through which malicious actors have repeatedly introduced spyware, adware, and data-harvesting tools.
In recent months, browser-based identity theft and data exfiltration via extensions have become so prevalent that they’ve prompted official warnings from agencies like the FBI.
“While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users’ identity information and data,” LayerX notes, “leading hackers to use them as an attack channel for credential theft, account takeover, and data theft.”
LayerX says its service pulls anonymous data from millions of browser sessions via its database, which includes unified risk scores, granular permission breakdowns, and detailed reputation analyses, all in one searchable, public-facing tool.
While antivirus and endpoint protection platforms can help guard against malicious extensions, the availability of a dedicated risk score could empower users to make more informed decisions.
However, users must actively search the ExtensionPedia database and understand the significance of permission scopes or publisher risk scores.
The concept is promising, but skepticism remains over whether users will truly comprehend the scores or simply dismiss them as technical jargon. Additionally, the effectiveness of such a database in addressing the broader cybersecurity threat landscape remains to be seen.
The concept also assumes users will research extensions before installing them, something that rarely happens in practice.
By making extension risk scores public, LayerX is undeniably increasing transparency, but visibility alone does not equate to protection.
ExtensionPedia is currently available for free, but its real impact will depend on how widely, and thoughtfully, it’s used.
You might also like
- These are the best VPNs with antivirus available now
- Here's a list of the best firewalls around today
- Criminals hijacking subdomains of popular websites such as Bose or Panasonic to infect victims with malware
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.