browser-extensions
Safeguard articles tagged "browser-extensions" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Browser extensions are the softest target in your stack
A patched Grammarly bug let any website steal a user's documents; a 2025 flaw in Anthropic's Claude extension enabled silent prompt injection. Extensions keep failing the same three ways.
Firefox add-on supply chain: how Mozilla's posture differs from Chrome's
Mozilla Add-ons applies mandatory signing, a stricter review path for extensions that touch broad permissions, and a separately maintained recommended-extensions program. Here is what that buys defenders in 2026 and where the gaps still are.
Chrome extension marketplace hijack: the acquired-and-weaponized pattern
Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.
Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security
Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.
Browser Extension Supply Chain Attacks: The Overlooked Threat Vector
Browser extensions have become a prime target for supply chain attackers. With access to browsing data, credentials, and session tokens, a compromised extension is a skeleton key to your organization.
Browser Extension Permission Models and Supply Chain Risk
Browser extensions operate with broad permissions and auto-update silently. Here is how the extension permission model creates supply chain risks and what organizations can do about it.
Browser Extension Attacks and the Supply Chain
Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.