Google is enhancing control for IT administrators over Chrome browser extensions, addressing security concerns linked to cybercriminal activity. As part of a new set of features for organizations using Chrome Enterprise, IT admins will soon be able to remotely remove installed extensions and prevent future downloads. The initiative includes a curated Chrome Web Store experience tailored for businesses, making it easier for employees to find pre-approved extensions. This update aims to minimize risks associated with harmful extensions, highlighted by a phishing campaign that hijacked legitimate Chrome extensions last December. Additional tools for admins will be available later this year, including the ability to display custom messages on extension pages to inform users about compliance with company policies.
Why do we care?
Chrome extensions are a common vector for cyberattacks, with malicious or compromised extensions acting as entry points for phishing, data exfiltration, or malware. Google’s move to enhance administrative controls over these extensions addresses a long-standing security gap in browser management. For IT service providers, particularly MSPs managing environments for SMBs or larger enterprises, this update is a significant step toward reducing risk exposure.
IT service providers should familiarize themselves with these tools immediately and consider incorporating browser security audits into their service offerings.