72% of enterprise users have at least one browser extension with a known CVE. Pulled the numbers on our org and it tracks.


Came across this study and it pushed me to run the audit I’d been putting off. We came in slightly worse than the 72% benchmark. Most of it isn’t malware, just abandoned grammar tools and a screen recorder a PM installed in 2022. The AI extension piece got me tho. They’re 60% more likely to have a CVE and 6x more likely to silently expand permissions post-install. Our governance was basically “permissions looked fine, ship it.” That doesn’t survive self-updating extensions. Curious what other IT leads here are doing about this attack surface.

submitted by /u/LongButton3