ExtensionPedia launches with risk scores for 200K browser add-ons
LayerX Security has launched ExtensionPedia, an online resource designed to provide security evaluations for over 200,000 browser extensions.
The new platform provides individuals and enterprises with detailed risk assessments for browser extensions available for Chrome, Edge, and Firefox, enabling users to review security scores before installation. ExtensionPedia also includes a knowledge centre featuring guidance on mitigating threats from malicious browser extensions.
Malicious browser extensions have been cited as a significant but overlooked identity security risk affecting both home and workplace users. Recent incidents, including multiple breaches over the past six months, have reportedly exposed nearly ten million users worldwide to risks such as identity theft and data leakage via compromised extensions. These risks have prompted warnings from law enforcement agencies such as the FBI.
One of the challenges users face is the complexity of extension trustworthiness, as extensions can be developed, modified, or compromised by malicious actors and redistributed widely. Access to complete, impartial risk information on individual extensions has not typically been available to the general public or organisations.
Extension stores typically apply only baseline verification processes to detect obvious malicious indicators in extensions. Deeper investigations into suspicious behaviour or complex risks usually fall outside their standard review procedures.
Or Eshed, Co-Founder and Chief Executive Officer of LayerX, explained the rationale behind the launch of ExtensionPedia: "While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users' identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover and data theft."
He added, "When someone installs a browser extension – either for personal or work – users and their organisations have no idea what permissions each extension has, how reputable the extension author is and the risk profile of the extension. Our Browser Extension Risk Database and Knowledge Centre for the first time helps get the information individuals and enterprises to protect themselves."
ExtensionPedia's risk evaluations are based on anonymised data collected from millions of sessions using the LayerX platform, which operates as a user-centric extension for protecting identities directly within browsers.
Key features of ExtensionPedia include access to data on over 200,000 extensions across major browsers, integration with the LayerX management console, and availability for public use online. Each extension is given a detailed score based on parameters such as permission scope and reputation risk. Users can also view a single, unified risk score incorporating all available risk factors.
Additional information available through ExtensionPedia includes extension details, publisher data, and a range of articles and guides covering topics related to browser extension security and best practices for preventing malicious activity.
Individuals and organisations using ExtensionPedia can search for extensions by name or unique ID, review extensions by category—including GenAI, VPN tools, and password managers—and compare risk scores. The platform offers both high-level risk assessments and more granular, detailed breakdowns, including permission access and publisher reputation.
ExtensionPedia also features resources to help users educate themselves on the risks and protection strategies related to browser extensions.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
RNZ News
a day ago
- RNZ News
Google makes case for keeping Chrome browser
By Thomas Urbain , AFP Photo: AFP / Anadolu Agency Google has urged a US judge to reject the notion of making it spin off its Chrome browser to weaken its dominance in online search. Rival attorneys made their final arguments on Friday (local time), before US District Court Judge Amit Mehta, who is considering imposing "remedies", after a landmark decision last year that Google maintained an illegal monopoly in search . US government attorneys have called on Mehta to order Google to divest itself of Chrome browser, contending that artificial intelligence is poised to ramp up the tech giant's dominance as the go-to window into the internet. They also want Google barred from agreements with partners like Apple and Samsung to distribute its search tools, which was the focus of the suit against the Silicon Valley internet giant. Three weeks of testimony ended early in May, with Friday devoted to rival sides parsing points of law and making their arguments before Mehta in a Washington courtroom. John Schmidtlein, an attorney for Google, told Mehta no evidence was presented showing people would have opted for a different search engine without the exclusivity deals in place. Schmidtlein noted that Verizon installed Chrome on smartphones, even though the US telecom titan owned Yahoo! search engine and was not bound by a contract with Google. Of the 100 or so witnesses heard at trial, not one said "if I had more flexibility, I would have installed Bing" search engine from Microsoft, the Google attorney told the judge. Department of Justice (DOJ) attorney David Dahlquist countered that Apple, which was paid billions of dollars to make Chrome the default browser on iPhones, "repeatedly asked for more flexibility", but was denied by Google. Google contends that the US has gone way beyond the scope of the suit by recommending a spinoff of Chrome and holding open the option to force a sale of its Android mobile operating system. "Forcing the sale of Chrome or banning default agreements wouldn't foster competition," said Cato Institute senior fellow in technology policy Jennifer Huddleston. "It would hobble innovation, hurt smaller players and leave users with worse products." Google attorney Schmidtlein noted that more than 80 percent of Chrome users are outside the US, meaning divestiture would have global ramifications. "Any divested Chrome would be a shadow of the current Chrome," he contended. "Once we are in that world, I don't see how you can say anybody is better off." The potential of Chrome being weakened or spun off comes as rivals like Microsoft, ChatGPT and Perplexity put generative artificial intelligence (AI) to work, fetching information from the internet in response to user queries. The online search antitrust suit was filed against Google some five years ago, before ChatGPT made its debut, triggering AI fervour. Google is among the tech companies investing heavily to be a leader in AI, and is weaving the technology into search and other online offerings. Testimony at trial included Apple Vice President of Services, Eddy Cue, revealing that Google's search traffic on Apple devices declined in April for the first time in more than two decades. Cue testified that Google was losing ground to AI alternatives like ChatGPT and Perplexity. Mehta pressed rival attorneys regarding the potential for Google to share data as proposed by the DOJ in its recommended remedies. "We're not looking to kneecap Google, but we are looking to make sure someone can compete with Google," DOJ attorney Adam Severt told the judge. Schmidtlein contended that data Google is being asked to share contains more than just information about people's online searches, saying it would be tantamount to handing over the fruit of investments made over the course of decades. "There are countless algorithms that Google engineers have invented that have nothing to do with click and query data," Schmidtlein said. "Their remedy said we want to be on par with all of your ingenuity and, respectfully your honour, that is not proportional to the conduct of this case." - AFP
Techday NZ
3 days ago
- Techday NZ
ExtensionPedia launches with risk scores for 200K browser add-ons
LayerX Security has launched ExtensionPedia, an online resource designed to provide security evaluations for over 200,000 browser extensions. The new platform provides individuals and enterprises with detailed risk assessments for browser extensions available for Chrome, Edge, and Firefox, enabling users to review security scores before installation. ExtensionPedia also includes a knowledge centre featuring guidance on mitigating threats from malicious browser extensions. Malicious browser extensions have been cited as a significant but overlooked identity security risk affecting both home and workplace users. Recent incidents, including multiple breaches over the past six months, have reportedly exposed nearly ten million users worldwide to risks such as identity theft and data leakage via compromised extensions. These risks have prompted warnings from law enforcement agencies such as the FBI. One of the challenges users face is the complexity of extension trustworthiness, as extensions can be developed, modified, or compromised by malicious actors and redistributed widely. Access to complete, impartial risk information on individual extensions has not typically been available to the general public or organisations. Extension stores typically apply only baseline verification processes to detect obvious malicious indicators in extensions. Deeper investigations into suspicious behaviour or complex risks usually fall outside their standard review procedures. Or Eshed, Co-Founder and Chief Executive Officer of LayerX, explained the rationale behind the launch of ExtensionPedia: "While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users' identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover and data theft." He added, "When someone installs a browser extension – either for personal or work – users and their organisations have no idea what permissions each extension has, how reputable the extension author is and the risk profile of the extension. Our Browser Extension Risk Database and Knowledge Centre for the first time helps get the information individuals and enterprises to protect themselves." ExtensionPedia's risk evaluations are based on anonymised data collected from millions of sessions using the LayerX platform, which operates as a user-centric extension for protecting identities directly within browsers. Key features of ExtensionPedia include access to data on over 200,000 extensions across major browsers, integration with the LayerX management console, and availability for public use online. Each extension is given a detailed score based on parameters such as permission scope and reputation risk. Users can also view a single, unified risk score incorporating all available risk factors. Additional information available through ExtensionPedia includes extension details, publisher data, and a range of articles and guides covering topics related to browser extension security and best practices for preventing malicious activity. Individuals and organisations using ExtensionPedia can search for extensions by name or unique ID, review extensions by category—including GenAI, VPN tools, and password managers—and compare risk scores. The platform offers both high-level risk assessments and more granular, detailed breakdowns, including permission access and publisher reputation. ExtensionPedia also features resources to help users educate themselves on the risks and protection strategies related to browser extensions.
Scoop
4 days ago
- Scoop
Q1/2025 Gen Threat Report Reveals AI-Driven Scams Redefining Cybercrime
Press Release – Gen Example of a Fake Update popup in Firefox. The fake update mimics the branding, language, and layout of legitimate software. It often uses urgent language like: Your version is out of date, click to update now! Auckland, 29 May, 2025 — Gen (NASDAQ: GEN), a global leader powering Digital Freedom with a family of trusted brands including Norton, Avast, LifeLock, MoneyLion and more, today released its Q1/2025 Gen Threat Report, highlighting the most significant shifts shaping the global Cyber Safety landscape observed between January and March 2025. Key report findings include a 186% surge in breached personal information, a 466% increase in phishing reports, growth in fake browser update scams by 17 times the previous quarter's levels, and more than 4 million people protected from Scam-Yourself Attacks, alongside the rise of mobile financial fraud and crypto-related US presidential inauguration scams. 'Online threats are evolving at a startling pace,' said Siggi Stefnisson, Cyber Safety CTO at Gen. 'Attackers are moving away from broad, indiscriminate campaigns to highly personalised, AI-enhanced deception. Breached data and AI tools are giving cybercriminals just enough personal information and design sophistication to more easily manipulate people. That's why we constantly evolve our cybersecurity solutions to be an interactive partner in fighting scams and to be one step ahead of cybercriminals.' Notable Trends from the Q1/2025 Gen Threat Report: Data Breaches Escalate Data breaches are on the rise, with a 36% increase in the number of breaches faced by companies compared to last quarter. Individual breached records surged by more than 186%, revealing sensitive information such as passwords, emails, and credit card details. Attackers employed more advanced infostealers like Lumma Stealer, making data compromise faster and harder to detect. Phishing Scams Designed to Bypass Security Filters Reports of phishing scams rose by a staggering 466% compared to the previous quarter, now making up nearly 32% of all scam submissions to the Norton Genie scam detector. According to the Norton Genie scam detector platform, phishing is the fastest-growing threat, second only to generic scams, which accounted for 51% of reports. The good news is that people are becoming more wary of potential phishing scams and reporting these messages. Telemetry data reveals a growing number of phishing campaigns that abuse dynamic DNS services and subdomain providers, as well as free website builders to create deceptive login pages. This means, that by mimicking legitimate login portals and leveraging trusted domains—like recent scams targeting AT&T, Telstra and Xfinity customers—attackers make phishing attempts harder to detect and more likely to succeed. Many of these campaigns create a sense of urgency for potential victims through emails claiming account issues or prompting people to review sensitive documents. Despite sometimes being poorly written, the use of familiar platforms and subdomain tricks allows these scams to bypass security filters and remain highly effective. Scam-Yourself Attacks and Fake Browser Updates on the Rise Example of a Fake Update popup in Firefox. The fake update mimics the branding, language, and layout of legitimate software. It often uses urgent language like: 'Your version is out of date, click to update now!' Gen helped protect over 4 million users from Scam-Yourself Attacks in which individuals, through sophisticated deception, are manipulated into infecting their own devices. In one of the most striking evolutions of this type of scam that we observed this quarter, attackers are using AI-generated personas, deepfake influencers and hired actors. They use these personas to deliver their malicious campaigns. This is primarily done through compromised YouTube accounts, leveraging interactive FakeCAPTCHAs and asking people to verify they are human but instead guiding them to give device permissions or download malware. Fake Update Scams grew to over 17 times last quarter's level. This type of Scam-Yourself Attack tricks people into installing malware under the guise of browser updates. Financial Threats Thrive on Mobile and Crypto Mobile financial threats continued to rise, fuelled by increasingly sophisticated tactics that target people directly through their smartphones. Malware, like banking trojans, now exploit accessibility features to overlay fake login pages, stealing sensitive data such as crypto wallet credentials. Combined with an uptick in credit and transaction fraud alerts, there's a growing trend of attackers focusing on mobile devices as gateways to people's financial lives. Digital currencies continue to be a target for financial threats. CryptoCore executed one of its most successful campaigns in early 2025, hinging on the US presidential inauguration. Attackers leveraged deepfake videos of public figures spread through compromised YouTube accounts to steal close to $4 million spread through more than 2,000 transactions. Gen is always innovating to stay one step ahead of today's evolving cyberthreats. Our trusted family of brands offers powerful solutions to help keep you safe—LifeLock helps people protect their identity, the Norton Cyber Safety lineup comes equipped with Norton Genie scam protection, and products like Avast Mobile Security offer protection for mobile devices, just to name a few. To learn more about the latest Cyber Safety tips and solutions, visit our blog at About Gen Gen (NASDAQ: GEN) is a global company dedicated to powering Digital Freedom through its trusted consumer brands including Norton, Avast, LifeLock, MoneyLion and more. The Gen family of consumer brands is rooted in providing financial empowerment and cyber safety for the first digital generations. Today, Gen empowers people to live their digital lives safely, privately and confidently for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy, identity protection and financial wellness to nearly 500 million users in more than 150 countries. Learn more at
