Plug and Prey: Scanning and Scoring Browser Extensions
9 Aug 2025
Comprehensive Talk (40 minutes)
Nishant Kumar
Abstract
Browser extensions are an unmonitored threat surface in most enterprises. Security teams have tools for endpoints, networks, and identities, but the browser is often left out. Extensions can access sensitive data, run arbitrary scripts, and update silently. Most organizations have no idea what's installed across their fleet.
This talk introduces ExtHuntr, an open source tool that scans for installed browser extensions, analyzes their permissions and behavior, and generates a risk score. It gives defenders visibility where they currently have none.
We will walk through how extensions are abused in the wild, how even well-known plugins can turn malicious, and why relying on store reputation is not enough. The talk includes:
A live demo of ExtHuntr
Breakdown of extension permission abuse
Risk scoring logic
Fleet-wide deployment strategies for enterprise use
Attackers already know what your users are running. This talk shows how you can know first.
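As an added illustration of the permission-analysis and risk-scoring idea described above (example code written for this page, not ExtHuntr's own code or its real weights), the Python below walks Chrome's installed-extension directory layout, totals assumed weights for sensitive permissions, flags all-site host access declared through either host_permissions or content_scripts match patterns, and flags a non-store update_url. The weights, thresholds and the sample manifest are all constructed for this example.

```python
import glob, json, os
# Illustrative weights per permission: an assumption for this example, not ExtHuntr's scoring.
PERMISSION_WEIGHTS = {
    "debugger": 5, "webRequest": 4, "webRequestBlocking": 4, "cookies": 4, "nativeMessaging": 4,
    "proxy": 4, "history": 3, "clipboardRead": 3, "scripting": 3, "management": 3,
    "tabs": 2, "downloads": 2, "declarativeNetRequest": 2, "storage": 0, "activeTab": 0,
}
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD_HOST_PATTERNS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")

def score_manifest(manifest: dict) -> dict:
    """Score one manifest.json; a higher score means more capability an attacker could abuse."""
    score, findings = 0, []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    for perm in sorted(perms):
        weight = PERMISSION_WEIGHTS.get(perm, 1)  # unknown permissions get a small default weight
        if weight:
            score += weight
            findings.append(f"permission {perm} (+{weight})")
    # Host access comes from host_permissions and from every content_scripts match pattern.
    hosts = set(manifest.get("host_permissions", []))
    for cs in manifest.get("content_scripts", []):
        hosts.update(cs.get("matches", []))
    if any(h in BROAD_HOST_PATTERNS for h in hosts):
        score += 5
        findings.append("host/content-script access to all sites (+5)")
    # A non-store update_url lets the publisher push new code outside store review.
    update_url = manifest.get("update_url")
    if update_url and update_url != WEBSTORE_UPDATE_URL:
        score += 3
        findings.append(f"self-hosted update channel {update_url} (+3)")
    level = "critical" if score >= 15 else "high" if score >= 9 else "medium" if score >= 4 else "low"
    return {"name": manifest.get("name", "?"), "score": score, "level": level, "findings": findings}

def scan_profile(extensions_dir: str) -> list:
    """Chrome keeps installed extensions under <profile>/Extensions/<id>/<version>/manifest.json."""
    results = []
    for path in sorted(glob.glob(os.path.join(extensions_dir, "*", "*", "manifest.json"))):
        with open(path, encoding="utf-8") as f:
            result = score_manifest(json.load(f))
        result["id"] = path.split(os.sep)[-3]  # the extension ID directory
        results.append(result)
    return results
# Constructed sample manifest (not a real extension), embedded so the example runs offline.
SAMPLE_MANIFEST = {
    "name": "Coupon Helper", "version": "2.1.0", "manifest_version": 3,
    "permissions": ["storage", "tabs", "cookies", "webRequest", "scripting"],
    "host_permissions": ["<all_urls>"], "update_url": "https://updates.example-cdn.test/crx",
    "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}],
}
```

Point scan_profile at a user's Chrome Extensions directory to score everything installed in that profile; score_manifest(SAMPLE_MANIFEST) alone rates the constructed coupon extension as critical.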