Browser backdoors: Securing the new frontline of shadow IT

2024-08-13 04:30

Browser extensions are a prime target for cybercriminals.

This isn't just a consumer problem - it's a new frontier in enterprises' battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack surfaces.

In much the same way admins mustn't be afraid to blacklist apps that peek behind their firewall, the same ethos applies to weeding out browser extensions - when in doubt, block it out.

Keep in mind that even if ecosystem orchestrators like Google and Mozilla remove a questionable extension from their respective store, it isn't automatically removed from the browser itself.

Rather, the extension will remain active until the next browser update cycle, leaving companies potentially exposed in the interim.

To me, browsers are yet another example of the pervasive danger of shadow IT. As employees work hybrid or from home, often from their own endpoint or device, they can pick and choose the extensions they want.

News URL

https://www.helpnetsecurity.com/2024/08/13/browser-extensions-shadow-it/

#backdoor #browser