Do supply chain risks make you lose sleep?


I recently spoke with a Data Governance director. At the end of our conversation he lamented that browser extensions kept him up at night. Is this true of you?

Did you know?

Browser extensions have been around for 20+ years and still engender much anxiety. The early ones were simple add-ons that did tasks like changing the background color of a web page. (You can still find these.)

Today, browser extensions are full-fledged applications: they rewrite the web pages you visit, use your computer's resources, plug into AI integration workflows and automate mundane tasks. That reach is exactly why they deserve scrutiny: an extension runs inside the same browser session as your logged-in users, with whatever permissions it was granted at install time.

What can directors and security professionals do to sleep more soundly at night?

  • Treat the browser like a server or endpoint worth guarding. At a minimum, monitor it, audit the extensions installed in it, and apply the principle of least privilege (PoLP): an extension's permissions and host permissions should be no broader than its job requires.
  • A browser extension, like any desktop application, presents a supply chain risk: it is third-party code that can change with every update. Invest in the time and tools it takes to test extensions dynamically, not just at the point of approval.
  • Consult OWASP, Chrome Security docs and professionals that specialize in this domain.
  • Most companies have a procedure for reviewing and approving browser extensions. What is yours?
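One concrete way to put the least-privilege and audit points above into practice is a static check of each extension's manifest.json before it is approved. The script below is an added example, not code from this post or from Chrome; the permission list, the risk weights and the policy threshold are this example's own assumptions, and the two manifests are constructed samples rather than real extensions.

```javascript
// Added example (not code from the post): a static least-privilege audit of a
// Chrome extension manifest.json. Weights and threshold are assumed, not a
// Chrome or OWASP scale.

// Permissions whose reach goes well beyond one page, with an assumed weight.
const HIGH_RISK_PERMISSIONS = {
  debugger: 5,           // attach the DevTools protocol to any tab
  nativeMessaging: 5,    // talk to a native process outside the browser sandbox
  proxy: 4,              // redirect all browser traffic
  webRequest: 4,         // observe every request the browser makes
  webRequestBlocking: 4, // ...and block or modify it (MV2)
  cookies: 4,            // read session cookies for granted hosts
  tabs: 3,               // URL and title of every open tab
  scripting: 3,          // inject JS/CSS into granted hosts at runtime
  management: 3,         // enumerate or disable other extensions
  history: 3,
  clipboardRead: 3,
};

// Host patterns that effectively mean "every site the user visits".
const BROAD_HOST_PATTERNS = new Set([
  "<all_urls>", "*://*/*", "http://*/*", "https://*/*", "file:///*",
]);

function isBroadHost(pattern) {
  if (BROAD_HOST_PATTERNS.has(pattern)) return true;
  // "*://*.example.com/*" is scoped to one domain; "https://*/*" is not.
  return /^(\*|https?|file):\/\/\*\//.test(pattern);
}

// Returns { score, findings } for a parsed manifest.json (MV2 or MV3).
function auditManifest(manifest) {
  const findings = [];
  let score = 0;
  const add = (severity, msg, weight) => { findings.push({ severity, msg }); score += weight; };

  const perms = manifest.permissions || [];
  const optional = manifest.optional_permissions || [];
  // MV2 mixed host patterns into "permissions"; MV3 lists them separately.
  const hosts = [
    ...(manifest.host_permissions || []),
    ...perms.filter((p) => p === "<all_urls>" || p.includes("://")),
  ];

  for (const p of perms) {
    const w = HIGH_RISK_PERMISSIONS[p]; // undefined for unknown/low-risk names
    if (w >= 3) add("high", `permission "${p}" granted at install time`, w);
  }
  for (const p of optional) {
    // Optional permissions still need a user prompt, so weight them lightly.
    if (HIGH_RISK_PERMISSIONS[p] >= 3) add("medium", `optional permission "${p}" can be requested at runtime`, 1);
  }
  for (const h of hosts) {
    if (isBroadHost(h)) add("high", `host permission "${h}" covers every site`, 5);
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (isBroadHost(m)) add("high", `content script injected into "${m}"`, 4);
    }
  }
  // MV2 could relax the CSP to load script from a remote origin, so the code
  // could change after review. MV3 no longer allows this.
  const csp = manifest.content_security_policy;
  if (manifest.manifest_version === 2 && typeof csp === "string" && /script-src[^;]*https?:\/\//.test(csp)) {
    add("high", "CSP allows remotely hosted script", 5);
  }
  const ext = manifest.externally_connectable;
  if (ext && (ext.matches || []).some(isBroadHost)) {
    add("medium", "externally_connectable lets any web page message the extension", 3);
  }
  return { score, findings };
}

// Policy gate with an assumed threshold; tune it to your own approval process.
function passesPolicy(manifest, maxScore = 5) {
  return auditManifest(manifest).score <= maxScore;
}

// Constructed sample manifests for the demo; they are not real extensions.
const MINIMAL_MANIFEST = {
  manifest_version: 3,
  name: "Page note taker (sample)",
  permissions: ["storage", "activeTab"],
  host_permissions: ["https://notes.example.com/*"],
};
const BROAD_MANIFEST = {
  manifest_version: 3,
  name: "Productivity helper (sample)",
  permissions: ["tabs", "cookies", "scripting", "storage"],
  optional_permissions: ["nativeMessaging"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://*/*"], js: ["inject.js"] }],
  externally_connectable: { matches: ["*://*/*"] },
};

for (const m of [MINIMAL_MANIFEST, BROAD_MANIFEST]) {
  const { score, findings } = auditManifest(m);
  console.log(`${m.name}: score ${score}, policy ${passesPolicy(m) ? "PASS" : "FAIL"}`);
  for (const f of findings) console.log(`  [${f.severity}] ${f.msg}`);
}
```

Run it with `node` against the manifest.json pulled from an unpacked extension (replace the constructed samples with `JSON.parse(fs.readFileSync(path))`). The minimal manifest scores 0 and passes; the broad one scores 23 with seven findings and fails. A static check like this catches over-broad requests at approval time; it does not replace the dynamic testing the bullet above calls for, because an extension's behaviour can still change with its next update.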

Supply chain risks will continue to increase and morph in the future. Apply these strategies to get your slumber back.

Resources:

https://cheatsheetseries.owasp.org/cheatsheets/Browser_Extension_Vulnerabilities_Cheat_Sheet.html

https://developer.chrome.com/docs/extensions/reference/api