Sneaky Extensions: How Malicious Browser Add-ons Bypass Security and Put Enterprises at Risk
In the rapidly developing world of cyber threats, one central area often goes unnoticed: the dangers of browser extensions. These innocuous-looking plug-ins, used by millions of ordinary people and businesses, can be a vehicle for malicious activity.
At DEF CON 32, SquareX exposed this new threat by demonstrating that even Google’s newer protections, including Manifest V3 (MV3), do not save users from advanced, malicious add-ons.
The Problem: Manifest V3’s Shortcomings
It seemed like an upgrade when Google introduced MV3 to solve security flaws. However, SquareX’s research reveals that many malicious extensions can still bypass detection. I’ve seen how browser extensions can often be overlooked as harmless tools, but SquareX’s findings clarify that this assumption is risky. Here are some of the critical vulnerabilities that have emerged:
Why This Matters To Enterprises
The consequences for the companies involved are incalculable. Browser extensions are usually easy to install and are widely used by employees for their work, and many managers never think of them as dangerous. Yet virtually all enterprise security tools, such as EDR and SWG, have no visibility into these extensions. This is a tremendous blind spot in enterprise security.
The blind spot matters because attackers can place malicious extensions that look legitimate in the marketplace. Once installed, these extensions can:
The lack of good detection tools exposes organizations to data breaches, loss or theft of intellectual property, and damage to reputation.
SquareX’s Solution: Browser Detection and Response (BDR)
SquareX has created its Browser Detection and Response (BDR) platform to address these issues. This solution enables enterprises to identify, regulate, and prevent hazardous extensions from using the browser in the first place. Here’s how it works:
Dynamic Extension Analysis: SquareX runs a modified Chromium browser within its cloud infrastructure to evaluate browser extensions in real time. It identifies potentially malicious behaviours within the network and proactively alerts companies to them.
Blocking Malicious Network Requests: With advanced algorithms and heuristics, SquareX can detect undesirable network requests coming from extensions. This means such requests are stopped even when an extension tries connecting to a bad server or running other malicious scripts.
Fine-Grained Policy Control: Much stricter rules can be set to restrict or permit extensions based on the set of requested permissions, number of users, number of reviews, and the author’s reputation. This level of control ensures that only reliable extensions are installed in employees' browsers.
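One way to express the kind of rule the Fine-Grained Policy Control item describes, as an added example that is not SquareX's code. The manifest keys and permission names are standard MV3 ones; the thresholds, the verdict names and the `store` metadata fields (`users`, `reviews`, `publisher_verified`) are assumptions made for illustration.

```python
import json
from dataclasses import dataclass
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

@dataclass(frozen=True)
class Policy:  # all values are illustrative assumptions, not vendor defaults
    blocked: frozenset = frozenset({"debugger", "nativeMessaging"})
    sensitive: frozenset = frozenset({"cookies", "history", "scripting", "tabs", "webRequest"})
    min_users: int = 10_000
    min_reviews: int = 100

def requested_access(manifest):
    """Collect API permissions and host patterns declared in an MV3 manifest."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", [])) | set(manifest.get("optional_host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))  # content scripts reach pages too
    return perms, hosts

def evaluate(manifest, store, policy=Policy()):
    """Return (verdict, reasons); verdict is "allow", "review" or "block"."""
    perms, hosts = requested_access(manifest)
    hard = sorted(perms & policy.blocked)
    if hard:
        return "block", [f"blocked permission: {p}" for p in hard]
    risky = [f"sensitive permission: {p}" for p in sorted(perms & policy.sensitive)]
    risky += [f"broad host access: {h}" for h in sorted(hosts & BROAD_HOSTS)]
    if not risky:
        return "allow", []
    weak = []  # reputation signals named in the article (field names assumed)
    if store.get("users", 0) < policy.min_users:
        weak.append("user count below threshold")
    if store.get("reviews", 0) < policy.min_reviews:
        weak.append("review count below threshold")
    if not store.get("publisher_verified", False):
        weak.append("publisher not verified")
    # Risky access plus weak reputation is blocked; otherwise a human reviews it.
    return ("block" if weak else "review"), risky + weak

# Constructed sample input: an MV3 manifest and store metadata (not a real extension).
SAMPLE_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Example PDF Helper", "version": "1.0",
  "permissions": ["storage", "cookies", "scripting"], "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*/*"], "js": ["cs.js"]}]
}""")
SAMPLE_STORE = {"users": 850, "reviews": 12, "publisher_verified": False}

if __name__ == "__main__":
    print(*evaluate(SAMPLE_MANIFEST, SAMPLE_STORE))
```

Static manifest checks like this only cover what an extension declares; they complement, and do not replace, the dynamic analysis described above.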
The Road Ahead: Why Enterprises Must Act Now
Currently, SquareX’s BDR solution targets medium to large enterprises so they can take back control of browser security. This tool covers browser extension exploits. But as Vivek Ramachandran, Founder & CEO of SquareX, warned during DEF CON 32:
"Browser extensions are a blind spot for EDR/XDR and SWGs, making them a potent tool for attackers. Without dynamic analysis and stringent policies, identifying and blocking these attacks will remain challenging."
As cybercrime becomes increasingly sophisticated, companies can’t afford to be left behind. Ignoring the threats that such extensions pose is unwise.
Conclusion: Preventive Steps towards Better Cybersecurity
Google’s Manifest V3 has finally arrived, but as SquareX's research demonstrates, it is insufficient to shield enterprises from the growing danger posed by malicious extensions. This means that security measures must also be dynamic, or, more suitably, aligned with advancements in the digital realm. With the help of SquareX’s Browser Detection and Response (BDR), enterprises can effectively protect their users and data from the increased risks of surreptitious extensions.
Browser extensions may be small add-ons, but they can escalate security issues to the worst stage. The time to act is now.
Stay tuned to read more stories as Khushi unveils a facet of my life where imagination rules the roost and life is viewed in a very different light.