ExtensionPedia launches with risk scores for 200K browser add-ons

LayerX Security has launched ExtensionPedia, an online resource designed to provide security evaluations for over 200,000 browser extensions.

The new platform provides individuals and enterprises with detailed risk assessments for browser extensions available for Chrome, Edge, and Firefox, enabling users to review security scores before installation. ExtensionPedia also includes a knowledge centre featuring guidance on mitigating threats from malicious browser extensions.

Malicious browser extensions have been cited as a significant but overlooked identity security risk affecting both home and workplace users. Recent incidents, including multiple breaches over the past six months, have reportedly exposed nearly ten million users worldwide to risks such as identity theft and data leakage via compromised extensions. These risks have prompted warnings from law enforcement agencies such as the FBI.

One of the challenges users face is the complexity of extension trustworthiness, as extensions can be developed, modified, or compromised by malicious actors and redistributed widely. Access to complete, impartial risk information on individual extensions has not typically been available to the general public or organisations.

Extension stores typically apply only baseline verification processes to detect obvious malicious indicators in extensions. Deeper investigations into suspicious behaviour or complex risks usually fall outside their standard review procedures.

Or Eshed, Co-Founder and Chief Executive Officer of LayerX, explained the rationale behind the launch of ExtensionPedia: "While browser extensions are often considered harmless, in practice they are frequently granted extensive access permissions to users' identity information and data, leading hackers to use them as an attack channel for credential theft, account takeover and data theft."

He added, "When someone installs a browser extension – either for personal or work – users and their organisations have no idea what permissions each extension has, how reputable the extension author is and the risk profile of the extension. Our Browser Extension Risk Database and Knowledge Centre for the first time helps get the information individuals and enterprises to protect themselves."

ExtensionPedia's risk evaluations are based on anonymised data collected from millions of sessions using the LayerX platform, which operates as a user-centric extension for protecting identities directly within browsers.

Key features of ExtensionPedia include access to data on over 200,000 extensions across major browsers, integration with the LayerX management console, and availability for public use online. Each extension is given a detailed score based on parameters such as permission scope and reputation risk. Users can also view a single, unified risk score incorporating all available risk factors.

Additional information available through ExtensionPedia includes extension details, publisher data, and a range of articles and guides covering topics related to browser extension security and best practices for preventing malicious activity.

Individuals and organisations using ExtensionPedia can search for extensions by name or unique ID, review extensions by category—including GenAI, VPN tools, and password managers—and compare risk scores. The platform offers both high-level risk assessments and more granular, detailed breakdowns, including permission access and publisher reputation.

ExtensionPedia also features resources to help users educate themselves on the risks and protection strategies related to browser extensions.