Today we’re excited to announce Browsium 4.9.7, our most significant security-focused release yet. This update introduces powerful new capabilities specifically designed to address the escalating browser extension security threats that have become the #1 attack vector in enterprise environments.
With recent supply chain attacks affecting over 2.6 million users across 30+ browser extensions in December 2024 alone, and research showing that 67% of enterprise data breaches now involve malicious or risky browser extensions, organizations need proactive tools to assess and monitor extension risks before they become security incidents.
Extension Analyzer: Proactive Risk Assessment
The centerpiece of this release is our new Extension Analyzer tool, which empowers IT security teams to evaluate browser extensions before they’re deployed across the enterprise. Simply upload any browser extension installation package (.crx, .xpi, or .zip files) and receive an instant, comprehensive risk score analysis.
Key capabilities include:
The Extension Analyzer is particularly valuable for organizations implementing “approve-first” extension policies or conducting security reviews of business-critical extensions. Instead of waiting weeks for manual security reviews, teams can now get actionable risk intelligence in seconds.<
Configurable Risk Parameters: Navigate to Configuration > Extension Analyzer Configuration to fine-tune how risk scores are calculated based on your organization’s specific security requirements. Adjust weighting for factors like:
Extension Updates: Real-Time Change Monitoring
Our second major addition is the Extension Updates page (found under Clients menu), which provides unprecedented visibility into extension changes across your enterprise browser environment.
Complete Change Visibility: See every extension update that occurs on any PC running Browsium Client, with detailed information including:
Side-by-Side Comparison: Click any row in the updates table to open a comprehensive comparison dialog showing exactly what changed between extension versions. This includes:
This capability addresses a critical blind spot for enterprise security teams. Research shows that 51% of enterprise browser extensions haven’t been updated in over a year, but when updates do occur, they can introduce new risks or even malicious functionality—as seen in recent supply chain attacks where legitimate extensions were compromised through malicious updates.
Extension-Based Attacks Are Accelerating: The December 2024 Cyberhaven attack demonstrated how attackers can compromise trusted extensions to harvest business credentials and API keys from hundreds of thousands of users within 48 hours. Traditional security tools miss these attacks because they occur within trusted browser environments.
Shadow Extension Deployment: Organizations report that 52% of users run more than 10 extensions simultaneously, with 26% of enterprise extensions sideloaded outside official channels. The Extension Analyzer enables security teams to assess risks before extensions are deployed, while Extension Updates monitoring catches changes after deployment.
Compliance Requirements: With GDPR, CCPA, and emerging privacy regulations requiring detailed data processing documentation, organizations need visibility into what browser extensions actually do with user data—not just what they claim to do.
Extension Analyzer is immediately available in your Browsium dashboard. Access it through the main navigation menu and start uploading extension packages for analysis. We recommend beginning with your most business-critical extensions or any extensions requested for enterprise deployment.
Extension Updates Monitoring is automatically enabled for all Browsium Client deployments. Navigate to Clients > Extension Updates to see recent changes across your environment. Set up automated alerts for high-risk changes through the Alerts configuration section.
Browsium 4.9.7 includes a critical infrastructure update: our browser extension has been migrated from Manifest V2 to Manifest V3 to ensure continued compatibility with Chromium-based browsers. With Google Chrome and Microsoft Edge planning to deprecate Manifest V2 extensions later this summer, this migration ensures uninterrupted service for all Browsium deployments.
What this means for you:
This proactive migration demonstrates Browsium’s commitment to staying ahead of browser platform changes that could impact enterprise security monitoring.
This release represents a significant step forward in our mission to provide complete visibility and control over enterprise browser environments. Based on customer feedback and emerging threat intelligence, our next releases will focus on:
Browsium 4.9.7 is available immediately for all enterprise customers. The management console will automatically update within 24 hours, while Browsium Client updates can be deployed through your existing enterprise software distribution channels.
For detailed upgrade instructions and technical documentation, visit our support site or contact your customer success manager.
New to Browsium? Connect with us and we’ll help you assess your needs and get started on an evaluation.
