Safeguard
Tag

browser-extensions

Safeguard articles tagged "browser-extensions" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Application Security

Browser extensions are the softest target in your stack

A patched Grammarly bug let any website steal a user's documents; a 2025 flaw in Anthropic's Claude extension enabled silent prompt injection. Extensions keep failing the same three ways.

Jul 8, 20267 min read
Supply Chain Attacks

Firefox add-on supply chain: how Mozilla's posture differs from Chrome's

Mozilla Add-ons applies mandatory signing, a stricter review path for extensions that touch broad permissions, and a separately maintained recommended-extensions program. Here is what that buys defenders in 2026 and where the gaps still are.

May 12, 20268 min read
Supply Chain Attacks

Chrome extension marketplace hijack: the acquired-and-weaponized pattern

Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.

May 12, 20269 min read
Browser Security

Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security

Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.

Mar 15, 20235 min read
Threat Analysis

Browser Extension Supply Chain Attacks: The Overlooked Threat Vector

Browser extensions have become a prime target for supply chain attackers. With access to browsing data, credentials, and session tokens, a compromised extension is a skeleton key to your organization.

Nov 15, 20227 min read
Supply Chain Security

Browser Extension Permission Models and Supply Chain Risk

Browser extensions operate with broad permissions and auto-update silently. Here is how the extension permission model creates supply chain risks and what organizations can do about it.

Nov 5, 20226 min read
Application Security

Browser Extension Attacks and the Supply Chain

Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.

Nov 5, 20226 min read
browser-extensions — Safeguard Blog