Every morning, a CISO reviews a dashboard that should provide peace of mind. EDR is clean. The firewall is standing watch. On paper, the organization is secure.
Inside every browser session running across the fleet, a layer of third-party code is executing with elevated privileges — reading credentials, intercepting session tokens, and in some cases routing corporate traffic to servers in jurisdictions your policy explicitly prohibited. None of it triggered an alert. None of it showed up in the logs.
This is the Extension Jungle: the sprawling, unaudited ecosystem of browser add-ons that most security stacks are architecturally blind to. It’s not a theoretical risk. It’s the largest unmanaged attack surface in most enterprise environments right now — and the vast majority of organizations have never looked directly at it.
What is the “Extension Jungle”?
Browser extensions are third-party code modules that run inside the browser session with privileged access to user activity — credentials, session tokens, clipboard data, and page content. Unlike standalone applications, they operate entirely within the browser’s trusted context, invisible to firewalls and endpoint agents. The “Extension Jungle” is the unmanaged collection of these extensions running across an enterprise environment, often holding permissions to read, modify, and transmit sensitive data — without any visibility from the security stack.
The shorthand we hear from practitioners: extensions are no longer the backdoor. They’re the front door.
What Extensions Actually Are (and Aren’t)
Browser extensions are commonly dismissed as minor productivity utilities — a grammar checker, a tab manager, a screenshot tool. That framing is dangerously misleading.
Extensions are privileged pieces of code that execute inside the browser session with permissions that would concern any network administrator. A standard extension can read and modify all data on every page a user visits, access active session tokens and cookies, log keystrokes and capture screen content, and transmit that data to external servers. These aren’t edge-case capabilities reserved for malicious tools — they’re standard permissions that millions of installed extensions hold right now, granted with a single user click, with no IT approval required.
Unlike software installs, extensions bypass most endpoint controls. Restrictions that prevent users from installing unauthorized applications have no effect inside the browser. And critically, extensions update silently — a legitimate tool today can become a compromised one tomorrow, after a developer account is phished or a malicious update is pushed through an official store.
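The permission model described above lives in each extension's manifest.json, so the quickest defensive check is to parse those manifests and score them. The script below is an added example, not code from the article or from any vendor: it reads the real manifest fields (permissions, host_permissions, content_scripts[].matches, manifest_version) and flags the combinations the text warns about, such as cookie access together with host access to every site. The risk weights, severity thresholds and the three sample manifests are constructed for illustration and are not a published standard. The same functions also produce the counted, categorised inventory that the later section on session-layer visibility calls the starting point for remediation.

```python
import json
from collections import Counter

# Permissions that expose session data or let an extension reach any origin.
# The weights are a constructed scoring scheme for this example, not a standard
# published by any browser vendor or store.
RISK_WEIGHTS = {
    "cookies": 3,          # read/write cookies (session tokens) on granted hosts
    "webRequest": 3,       # observe every request the browser makes
    "debugger": 3,         # DevTools-protocol control of pages and tabs
    "proxy": 3,            # reroute all browser traffic through a chosen proxy
    "scripting": 2,        # inject scripts into pages: DOM, form fields, prompts
    "clipboardRead": 2,
    "nativeMessaging": 2,  # talk to a native host outside the browser sandbox
    "tabs": 1,             # URL and title of every open tab
    "webNavigation": 1,
    "history": 1,
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def is_host_pattern(entry):
    return entry == "<all_urls>" or "://" in entry


def host_patterns(manifest):
    """Collect every host pattern the extension can touch, for MV2 and MV3 layouts."""
    hosts = set()
    # MV3 declares host access in host_permissions; MV2 mixes it into permissions.
    for key in ("host_permissions", "permissions", "optional_host_permissions"):
        hosts.update(p for p in manifest.get(key, []) if is_host_pattern(p))
    for cs in manifest.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    return hosts


def assess_manifest(manifest):
    """Score one parsed manifest.json and list the findings behind the score."""
    findings, score = [], 0
    api_perms = [p for p in manifest.get("permissions", []) if not is_host_pattern(p)]
    for p in api_perms:
        if p in RISK_WEIGHTS:
            score += RISK_WEIGHTS[p]
            findings.append(f"API permission '{p}'")
    hosts = host_patterns(manifest)
    broad = bool(hosts & BROAD_HOSTS)
    if broad:
        score += 4
        findings.append("host access to every site (<all_urls> or equivalent)")
    elif hosts:
        findings.append(f"host access limited to {len(hosts)} pattern(s)")
    # The combination the article describes: code on any page plus its cookies.
    if broad and "cookies" in api_perms:
        score += 3
        findings.append("cookies on all hosts: can harvest session tokens site-wide")
    level = "high" if score >= 7 else "medium" if score >= 3 else "low"
    return {
        "name": manifest.get("name", "<unnamed>"),
        "version": manifest.get("version", "?"),
        "manifest_version": manifest.get("manifest_version"),
        "score": score,
        "level": level,
        "findings": findings,
    }


def inventory(manifests):
    """Counted, categorised view across a fleet, with a review queue worst-first."""
    results = [assess_manifest(m) for m in manifests]
    counts = Counter(r["level"] for r in results)
    queue = sorted((r for r in results if r["level"] != "low"), key=lambda r: -r["score"])
    return {"counts": dict(counts), "review_queue": [r["name"] for r in queue]}


def load_manifest(path):
    """Read a manifest.json from disk (e.g. from a browser profile's Extensions directory)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample manifests; these are not real extensions.
SAMPLE_MANIFESTS = [
    {   # a narrowly scoped screenshot tool
        "manifest_version": 3, "name": "Shot Tool", "version": "1.2.0",
        "permissions": ["activeTab"],
    },
    {   # a "grammar checker" holding the permission set the article warns about
        "manifest_version": 3, "name": "Grammar Helper", "version": "4.0.1",
        "permissions": ["cookies", "scripting", "tabs", "storage"],
        "host_permissions": ["<all_urls>"],
        "background": {"service_worker": "bg.js"},
    },
    {   # an MV2 tab manager injecting a content script into every HTTPS page
        "manifest_version": 2, "name": "Tab Manager", "version": "2.3",
        "permissions": ["tabs", "history"],
        "content_scripts": [{"matches": ["https://*/*"], "js": ["cs.js"]}],
    },
]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(json.dumps(assess_manifest(m), indent=2))
    print(inventory(SAMPLE_MANIFESTS))
```

Run against the manifests under a browser profile's Extensions directory (one folder per extension id and version), load_manifest plus inventory gives a first count of what the fleet is actually running. Measurement is only half the answer: Chrome's managed ExtensionSettings policy can restrict installs to an allowlist (installation_mode) and deny specific permissions fleet-wide (blocked_permissions), which removes the single-click install path described above rather than merely observing it.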
The Cyberhaven breach in December 2024 demonstrated this precisely. A trusted Chrome extension used by marketing and finance teams across enterprises was compromised through a phishing attack on a developer credential. Within hours, the malicious version was live in the Chrome Web Store. Browsers that auto-updated during the 24-hour exposure window began silently exfiltrating session cookies and SaaS tokens at scale. The extension had passed every prior audit. The update was automatic. The compromise was invisible to every endpoint and network tool watching.
This is what makes extensions categorically different from other shadow IT. They don’t just exist outside the perimeter — they operate inside the session, at the exact layer where credentials, data, and decisions live.
How Does a Malicious Extension Actually Steal Data?
The mechanics matter, because the abstraction hides what’s really happening:
A user installs or already runs an extension that holds — or later acquires — scripting permission. That permission lets the extension read the active session’s DOM: every form field, every page element, everything rendered on screen. Once the extension is hijacked or pushed a malicious update, it can silently take screenshots of the active session, harvest session cookies and tokens, and log what gets typed into prompts and search bars. It then exfiltrates that data to a background service or a low-reputation domain that traditional firewalls fail to flag — because to the firewall, it just looks like the browser making another HTTPS request.
No alert. No log entry. No process anomaly for the EDR to catch. From every layer below the session, it’s all just Chrome doing what Chrome does.
Why Your Stack Doesn’t See This
The visibility gap isn’t a configuration problem. It’s structural.
Firewalls and network-layer security tools operate at Layers 3 and 4. They see packets and connections — origin IPs, destination domains, protocol types. Once an HTTPS session is established, the content is encrypted and the network layer goes effectively dark. SSL inspection helps, but it sees the traffic stream, not the browser context. It cannot distinguish between a user typing into a SaaS app and an extension silently harvesting that same session data in the background. And every Netskope or Zscaler deployment we’ve seen in the field carries a growing exclusion list — Slack, dev tools, embedded apps that break under SSL inspection — and every exclusion is an unmonitored gap.
EDR tools monitor device processes and known malicious behaviors. Extensions don’t run as standalone processes; they run inside the browser, inheriting its trusted status. From the EDR’s perspective, it’s all just Chrome.
The phrase that captures this best comes up repeatedly in practitioner conversations: the firewall sees the pipe. It doesn’t see the water. Connections, yes. The interaction inside the session, no.
This isn’t a tooling failure. It’s a layer mismatch. Your security stack is looking at the network. The risk lives inside the browser session.
The Extension Jungle in Practice
When organizations run their first session-layer visibility assessment, the results are consistently surprising — not because the risks are exotic, but because of the sheer scale of what was already there.
Across enterprise environments, a 7-day session-layer assessment typically surfaces an average of 180+ medium- to high-risk browser extensions per environment, with the majority holding excessive permissions — scripting access, cookie access, network capabilities. Hundreds of unsanctioned SaaS applications appear in environments that believed they had shadow IT under control; one client environment surfaced 637 distinct SaaS apps in active use. AI traffic volumes regularly run into the tens of thousands of requests per month from small user populations — one assessment surfaced 135,000 ChatGPT requests in 60 days from just 225 users. Geographic leakage — corporate traffic silently routing to high-risk regions — shows up in nearly every environment assessed.
One case illustrates the gap clearly. A prominent U.S. law firm, responding to data sovereignty concerns around DeepSeek, blocked the domain at the firewall level. The IT ticket was closed. Leadership felt covered.
A session-layer visibility exercise told a different story. Seventy percent of the firm’s users had already installed an AI wrapper extension — a tool that functioned as an interface for multiple AI models, including DeepSeek, executing entirely inside the browser session. Because it operated above the network layer, it was invisible to the firewall and to the endpoint agent. Corporate traffic, including sensitive legal work, was being silently routed through servers in China. No alert had fired. No policy had triggered.
They had blocked the website. They hadn’t blocked the work. The extension had filled the gap the moment the block went up.
A separate POC at a regulated U.S. organization surfaced 15 users running an extension called Cider — a wrapper for the DeepSeek model — exfiltrating session traffic to servers in China. The user group was 10–15 people. The extension wasn’t on any inventory. It hadn’t been flagged by anything in the existing stack.
This pattern — where a domain block drives behavior into a less visible channel — is not an edge case. It’s a predictable consequence of operating at the wrong layer.
The Latent Detonator Problem
Beyond active exfiltration, extensions introduce a category of risk that’s harder to track: the legitimate tool that becomes a threat after the fact.
Extension updates are automatic and silent. Most users — and most IT teams — have no visibility into what changed in a given update, what new permissions were requested, or whether the developer account that published the update is the same one that originally built the tool. An extension that was safe at the time of install may be compromised six months later, with no indicator visible to the user or the security stack.
In session-layer assessments, we routinely identify extensions that have quietly changed their network behavior since their original installation — tools that have begun sending data to external destinations not present in their original code. They aren’t necessarily flagged as malicious. They’re flagged as changed — which in the extension context is operationally equivalent. The Cyberhaven case is the headline example. The pattern is broader.
The update vector is why extension governance can’t be a one-time audit. The Jungle grows back.
What Session-Layer Visibility Changes
The reason most organizations have never fully mapped their Extension Jungle isn’t negligence. It’s that the tools available to them don’t reach the layer where extensions operate. You can’t audit what you can’t see.
Session-layer visibility changes the question. Instead of asking “do we have any bad extensions?” — which your current stack cannot reliably answer — the question becomes: what is every extension in this environment doing, what permissions does it hold, and is it sending data anywhere it shouldn’t? That’s a question the session layer can answer in real time, across every browser, including incognito sessions and extensions that appear “disabled” in standard audits but still hold active system-level permissions.
The output isn’t a theoretical risk score. It’s a counted, categorized inventory of real exposure: which extensions are active, which hold scripting or cookie permissions, which are transmitting data externally, and to where. That inventory is the starting point for remediation — and for finally understanding the actual shape of the attack surface your organization has been operating with.
The security tools protecting your organization weren’t built to see inside the browser session. That’s not a criticism — it’s an architectural reality worth understanding before the Extension Jungle in your environment becomes the incident that defines your next review.
A 7-day session-layer visibility assessment typically surfaces what no prior audit caught: every active extension across your fleet, which ones hold permissions to access sensitive session data, and where your browser traffic is actually going. The assessment runs with no agents, no browser changes, and no disruption to users. Most environments are live and collecting data in under an hour.