Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

April 15, 2025

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations.
LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge

Source: Read More

Previous ArticleThe Code to Survival: Taiwan’s Cybersecurity Pivot Explained

Next Article Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

Highlights

CVE-2024-46992 – Electron ASAR Integrity Bypass on Windows

July 1, 2025

CVE ID : CVE-2024-46992

Published : July 1, 2025, 2:15 a.m. | 5 hours, 18 minutes ago

Description : Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macOS are not impacted. Specifically this issue can only be exploited if the app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the .app bundle on macOS which these fuses are supposed to protect against. This issue has been patched in versions 30.0.5 and 31.0.0-beta.1. There are no workarounds for this issue.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Scaling Up Reinforcement Learning for Traffic Smoothing: A 100-AV Highway Deployment

Boosting team productivity with Amazon Q Business Microsoft 365 integrations for Microsoft 365 Outlook and Word

10+ Best Free WordPress Themes for Photographers in 2025

Rilasciato Calibre 8.4: Gestione avanzata degli eBook e miglioramenti per KEPUB su GNU/Linux

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

CVE-2024-46992 – Electron ASAR Integrity Bypass on Windows

New ServiceNow flaw lets attackers enumerate restricted data

Windows 11 KB5060829 update rolls out to Release Preview with taskbar & voice upgrades

OpenAI goes all in on hardware, will buy Jony Ive’s AI startup

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Related Posts