The Unaudited Extension Problem
The Chrome Web Store contains over 180,000 extensions. Many of these extensions — particularly those adding AI capabilities to web browsing — request broad permissions: access to all website content, clipboard access, storage access, and network request interception.
USENIX 2025 research found that 83% of Chrome extensions with broad permissions have never undergone a security audit. These extensions were created, published, and installed by millions of users without any independent verification that they do what they claim — and nothing more.
The security audit gap is a structural feature of how browser extensions are distributed. The Chrome Web Store conducts automated scanning for malware signatures and policy violations, but automated scanning cannot evaluate whether an extension's data collection practices are disclosed accurately, whether API data is transmitted to undisclosed third parties, or whether the extension's stated functionality is its complete functionality.
The Enterprise Exposure
Forrester Research 2024 found that 45% of enterprise employees use browser extensions not approved by IT. The figure reflects the informal way browser extensions are typically adopted: an employee finds a productivity tool, installs it, and uses it — without any interaction with the IT department.
The combination of 83% never-audited and 45% unapproved means that nearly half of enterprise employees are using extensions whose security properties have not been verified by anyone — and whose use has not been sanctioned by the organization that is responsible for the data those employees handle.
For organizations in regulated industries, this creates direct compliance exposure. An HR employee using an unapproved browser extension that collects clipboard content has potentially exposed employee personal data to an unscreened third party. A legal professional using an unapproved AI writing assistant that accesses page content has potentially exposed client confidential information.
What the 900K-User Incident Demonstrates
The January 2026 incident in which malicious Chrome extensions exposed the AI chat histories of 900,000 users — 600,000 from one extension, 300,000 from another — illustrates the failure mode that the 83% unaudited figure describes.
The extensions appeared to provide legitimate AI-related functionality. They were available in the Chrome Web Store. They had user bases large enough to suggest legitimacy. And they were exfiltrating AI conversation content to external servers.
The exfiltration was complete within 30 minutes of installation. By the time security researchers identified and reported the extensions, the conversation content of 900,000 users — including whatever sensitive information those users had discussed with AI tools — had left their control.
Research from Caviard.ai (2025) found that 67% of AI Chrome extensions collect user data — the majority of the AI extension category. Of those collecting data, the disclosure, security practices, and transmission destinations vary enormously.
The Enterprise Browser Governance Framework
For enterprise security teams, the appropriate response to the unaudited extension problem is not to prohibit all browser extensions — the operational impact of that approach is significant. It is to establish a governance framework that limits exposure to audited, approved extensions for AI functionality specifically.
Extension allowlisting: Define the approved list of browser extensions for enterprise devices. Security team review before addition to the list. Chrome Enterprise policy enforcement prevents installation of non-allowlisted extensions.
AI-specific extension vetting: Extensions that process AI prompts receive additional scrutiny — network traffic analysis to confirm transmission destinations, permission scope review, and publisher identity verification.
Technical controls for AI content: For employees using AI tools that are approved, browser-level technical controls (rather than relying on extension behavior) intercept sensitive content before it reaches AI providers. This decouples the security obligation from trust in individual extensions.
The 83% unaudited rate is not addressable through user education — users cannot audit Chrome extensions themselves. It is addressable through enterprise governance that separates approved from unapproved, and through technical controls that provide data protection regardless of extension behavior.
Sources: