
Push Security Blocks Malicious Browser Extensions


March 6, 2026

Push Security, a leader in browser-based threat detection and response, has launched new capabilities to detect and automatically block known malicious browser extensions from running in employee browsers. This feature addresses the rising threat of extension-based attacks, providing organizations with visibility, policy enforcement, and productivity-preserving controls across diverse browser and OS environments.

Quick Intel

  • Push Security adds malicious browser extension detection and automatic blocking to its platform.
  • Blocks known-bad extensions using a continuously updated intelligence database of reported threats.
  • Offers real-time visibility into all extensions: publisher history, permissions, deployment, and update activity.
  • Supports monitor or block mode policies, severity-based alerts, and automatic disabling in affected browsers.
  • Enables allowlists/blocklists and monitoring for suspicious changes (e.g., ownership or permission shifts).
  • Complements existing protections against AiTM phishing, credential stuffing, session hijacking, and more.

Browser extensions have become a prime attack vector as attackers exploit the massive ecosystem—over 100,000 in the Chrome Web Store alone—and the difficulty of monitoring them across modern, hybrid workforces.

The Growing Extension Threat Landscape

Recent campaigns like ShadyPanda, ZoomStealer, and GhostPoster, along with breaches involving vendors such as Cyberhaven and Trust Wallet, demonstrate how malicious extensions enable compromise. Many start benign and turn malicious via updates, developer hacks, or legitimate acquisitions—evading initial store reviews through obfuscation and dynamic code.

Even after removal from stores, extensions can persist in browsers, remaining active until manually addressed. Traditional defenses struggle with this dynamic, post-approval risk.

“Browser extensions represent one of the most under-monitored attack vectors in modern enterprises,” said Jacques Louw, chief product officer at Push Security. “For modern organizations running different operating systems and browsers across their workforce, it’s hard to know what’s running, let alone what is malicious.”

“Compounding the issue, most malicious extensions do not begin as malicious,” he continued. “Attackers frequently create initially benign extensions and later push malicious updates, or take over existing extensions with large install bases, by hacking extension devs, or simply by purchasing the extension legitimately. Once a malicious update is deployed, every browser running the extension can be compromised when their browser next updates.”

“Simply blocking extensions altogether is unrealistic for most organizations. Security teams need visibility and enforcement without disrupting productivity.”

How Push Security's New Capability Works

The feature leverages Push’s updated malicious extension intelligence database to identify threats in real time. Organizations can set policies in monitor mode (for visibility and alerting) or block mode (for automatic disabling). When a malicious extension is detected:

  • Severity-based alerts are generated.
  • The extension is disabled across affected browsers.
  • Security teams gain centralized management from the Push admin console.

Beyond blocking, Push delivers comprehensive visibility into every extension in use, including metadata on publishers, permissions, installation methods, and changes over time. This empowers teams to create custom allowlists/blocklists, spot risky behaviors (e.g., sudden permission escalations), and maintain consistent control across Chrome, Edge, and other browsers.

Broader Browser-Native Security Platform

This launch enhances Push Security’s agent-based platform, which already detects and responds to browser-native threats like adversary-in-the-middle phishing, session hijacking, and credential stuffing. By treating the browser as a critical endpoint—similar to EDR for devices—Push provides full visibility into user activity, attacker tactics, and session risk.

The malicious extension blocking capability is available immediately to Push customers. More details are in the company’s blog post.

Push Security continues to innovate in browser-layer defense, helping organizations secure the environment where users interact most and attackers increasingly focus—without compromising productivity or requiring blanket restrictions.

About Push Security

Push Security brings real-time detection and response to the layer where users work — and where attackers operate, the browser. By deploying a powerful agent inside the browser, Push gives defenders full visibility into user activity, attacker behavior, and session-level risk. It detects threats like phishing kits and session hijacking, enforces protective controls like MFA and SSO, and provides the telemetry security teams need to investigate fast. Think of Push as being like EDR, but in the browser. Push was founded by former red team members skilled in offensive security and security operations and is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors.
