The AI Extension Trap: What Small Businesses Need to Know About Malicious Browser Extensions

Written by Peter Green | Mar 3, 2026 11:37:55 AM

Your staff just installed an AI assistant in their browser. You didn't approve it. You don't know what it's doing. And thanks to a gap in how Windows handles browser installations, you may not even know it's there.

The Threat

A New Wave of Malicious Browser Extensions

Researchers at LayerX discovered 30 malicious browser extensions disguising themselves as AI productivity tools: AI helpers, ChatGPT sidebar assistants, AI writing tools, and more. They appeared in the official Chrome Web Store, often with convincing descriptions and positive-looking reviews. They passed Google's own review process before being flagged and removed, but not before being downloaded over 260,000 times. Some of the extensions were even granted a "Featured" badge, which really adds to their apparent legitimacy!

This isn't an entirely new category of threat, but the AI angle is new and it's working because everyone is excited about AI right now. People are far more likely to install these tools without thinking twice. The question "is this legitimate?" gets skipped in the enthusiasm to try the new shiny thing.

Once installed, these extensions were observed to do the following:

  • Extract the full text content of every page you visit, including internal systems, authenticated portals, and sensitive business applications, and send it to a third-party server

  • Record voice input via the browser's speech recognition API and return transcripts to the remote server

  • Track install and uninstall events via embedded analytics, likely for monetisation or campaign refinement purposes

⚠ Worth knowing

Browser extensions run inside the browser, the same environment where you access your bank, your Microsoft 365, your accounting software, and your CRM. They don't need to break through your firewall. They're already inside the perimeter.

Why It's Harder to Stop Than You'd Think

The Shadow IT Problem You Didn't Know You Had

Most business owners assume that if their staff don't have admin privileges on their computers, they can't install unauthorised software. For the most part, that's true. For Google Chrome (and its extensions) it isn't.

Chrome is deliberately designed to be able to install into a user's own profile folder (rather than the system-wide Program Files directory). This means no admin password is required; a standard user on a locked-down Windows machine can still install Chrome in under two minutes, and then install whatever extensions they like.

This is a classic shadow IT problem: tools your staff are using that you or your IT team don't know about, haven't assessed, and have no visibility into. The risk isn't just malicious intent; even a well-meaning employee who installs a dodgy "free AI assistant" extension is unknowingly opening the door.

It's worth noting that Microsoft Edge, the browser built into Windows, is also Chromium-based and can install extensions from the Chrome Web Store. So the attack surface isn't limited to Chrome users.

This Is Also a GDPR Problem

The Legal Risk Your Staff Don't Know They're Creating

This creates more than a security issue for your business. If your staff handle any personal data in the course of their work (client emails, invoices, contact records, HR correspondence, etc.) and a malicious extension is silently exfiltrating that content to a third-party server, you almost certainly have a personal data breach on your hands under UK GDPR law.

The extension doesn't discriminate; it scrapes what's on screen. If that happens to include a client's name, email address, or any other personally identifiable information, it has left your control and gone somewhere you didn't authorise.

The legal implications are significant:

Mandatory breach reporting: under UK GDPR, if a breach is likely to result in a risk to the rights and freedoms of individuals, you have 72 hours to report it to the Information Commissioner's Office (ICO). The uncomfortable reality here is that most businesses won't know the exfiltration happened; the staff member installed what looked like a helpful AI tool. You can't report a breach you don't know about, and you can't remediate one you can't trace.

Liability sits with the business, not the employee: the employee who installed the extension almost certainly did so in good faith. That doesn't matter under data protection law. Your business is the data controller. If client data was scraped and ends up misused or disclosed, the ICO will look at the controls your business had in place, or didn't. "We didn't know a member of staff installed it" is not a defence; it's an admission that appropriate technical measures weren't in place.

The ICO does act against small businesses: enforcement isn't reserved for large organisations. The reputational damage of having to notify clients that their data may have been compromised is often more painful for a small business than any regulatory fine.

The silver lining: the practical controls described in Section 4 of this article (particularly the browser extension allow-list) are exactly the kind of "appropriate technical and organisational measures" that Article 32 of UK GDPR requires you to implement. Having a documented policy controlling which extensions are permitted on company devices is demonstrable evidence of compliance. It's not just good IT practice; it's part of your legal obligation as a data controller.

⚠ Disclaimer

This is a general, educational example of how your business may be exposed to data protection enforcement, and does not constitute legal advice. If you're unsure about your obligations, we'd recommend reading the ICO's own guidance and speaking to a qualified data protection professional to ensure you're meeting the standards required by current legislation.

What Enterprise Organisations Do

The Full-Fat Solution (And Why It's Not For Everyone)

Large enterprises tackle this with what's called application control: a security model where only pre-approved software is allowed to run. Nothing else executes, full stop. Microsoft's own tool for this is called App Control for Business (previously known as Windows Defender Application Control, or WDAC), and third-party platforms like ThreatLocker take a similar default-deny approach with a more managed service wrapper around it.

Microsoft describes App Control for Business as "one of the most effective ways to prevent unwanted code from running in your environment", and that's not marketing hyperbole. A properly configured policy can prevent Chrome from launching even if a user manages to install it into their profile. It can enforce the same rules across an entire fleet of devices, deployed centrally through Intune.

But Microsoft's own documentation is unusually candid about the complexity involved. Their design guide opens with the acknowledgement that "many people consider App Control 'too hard'", and notes that "issues that lead to failure with App Control often arise from business issues rather than technology challenges." In plain terms, it requires careful planning, thorough testing, and ongoing governance. A misconfigured policy can prevent legitimate software from running, and rolling back changes isn't always straightforward. Microsoft also notes that they don't yet offer a single unified management interface for App Control; administrators typically need to combine multiple tools to cover the full deployment lifecycle.

Third-party platforms like ThreatLocker aim to simplify this with a more managed, GUI-driven approach — but carry per-device monthly subscription costs that accumulate quickly for small teams, and still require someone capable of administering the allow-listing decisions on an ongoing basis.

This doesn't mean small businesses can't do anything. It means the solution needs to be proportionate.

What Small Businesses Can and Should Do

Practical, Proportionate Controls That Actually Work

For a Microsoft-stack small business, the typical scenario for most of our clients, there's a realistic set of controls that provide meaningful protection without requiring enterprise licensing or a full-time IT team.

  1. Standardise on Microsoft Edge - Edge is the browser built into Windows and comes with far better built-in management controls than Chrome. Microsoft's Intune device management platform has native, granular policy controls for Edge that don't require importing third-party configuration templates. If you're a Microsoft 365 Business Premium customer, you already have the tools to enforce Edge as your standard browser.

  2. Lock Down Browser Extensions with an Allow-list - Both Edge and Chrome support extension management policies that can be pushed through Intune. The approach is simple: block all extensions by default (using a wildcard block-list), then explicitly allow only the extensions your business has reviewed and approved. For most small businesses, that list is short: typically a password manager, and perhaps one or two business-specific tools. Everything else is blocked. Users see a clear "blocked by admin" message if they try to install anything outside the list.

  3. Know What's Already Installed - Before locking things down, it's worth auditing what's already there. Microsoft Defender for Endpoint (included in Business Premium) has browser extension inventory capabilities that can show you exactly what extensions are installed across your entire fleet. You may be surprised. This is also useful for identifying any immediate risks that need addressing before you implement the allow-list policy.

  4. Detect and Remove Unapproved Browsers via Intune - Intune supports PowerShell-based remediation scripts that can detect whether an unapproved browser has been installed and remove it. This isn't as seamless as a full application control solution, but it's achievable within the Business Premium licence and provides a meaningful ongoing check. Scripts can be scheduled to run regularly, catching reinstalls as well as initial installations.

  5. Educate Your Staff. Genuinely - Policy and technical controls are more effective when people understand why they exist. A short internal note explaining that fake AI extensions are a real and growing threat, and that the extension controls are there to protect both the business and individual staff members, goes a long way. People are much less likely to try to work around controls they understand and agree with.
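
The checks behind steps 2 to 4, as an added example that is not from the original article or from Microsoft: a read-only PowerShell detection script in the shape Intune remediations expect (exit code 1 when something is found). It assumes the script runs in the system context, that user profiles live under C:\Users, and that the Edge block-list policy is written to the standard HKLM policy key; the approved extension ID is a placeholder.

```powershell
# Added example: Intune remediation *detection* script (runs as SYSTEM, read-only).
# ASSUMPTION: placeholder ID below; replace with the extension IDs you have approved.
$ApprovedIds = @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')   # placeholder, not a real extension

# Per-user browser data folders, relative to each user's profile directory
$Browsers = @{
    Chrome = 'AppData\Local\Google\Chrome'
    Edge   = 'AppData\Local\Microsoft\Edge'
}
$findings = @()

# Step 2 check (assumed policy location): is the wildcard block-list applied to Edge?
$blk = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist' -ErrorAction SilentlyContinue
if (-not ($blk -and ($blk.PSObject.Properties.Value -contains '*'))) {
    $findings += 'Edge policy ExtensionInstallBlocklist does not contain "*"'
}

$users = Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -notin 'Public', 'Default', 'Default User', 'All Users' }

foreach ($u in $users) {
    # Step 4 check: Chrome installed into the user's own profile (no admin rights needed)
    $exe = Join-Path $u.FullName 'AppData\Local\Google\Chrome\Application\chrome.exe'
    if (Test-Path $exe) { $findings += "Per-user Chrome install: $exe" }

    # Step 3 check: every extension folder in every browser profile (Default, Profile 1, ...)
    foreach ($b in $Browsers.GetEnumerator()) {
        $pattern = Join-Path $u.FullName (Join-Path $b.Value 'User Data\*\Extensions\*')
        foreach ($ext in Get-Item $pattern -ErrorAction SilentlyContinue) {
            # Folder name is the extension ID: 32 characters in the range a-p
            if ($ext.Name -notmatch '^[a-p]{32}$' -or $ext.Name -in $ApprovedIds) { continue }
            # Read name and requested permissions from the newest version's manifest
            $m = Get-ChildItem $ext.FullName -Directory | Sort-Object LastWriteTime -Descending |
                Select-Object -First 1 | ForEach-Object { Join-Path $_.FullName 'manifest.json' } |
                Where-Object { Test-Path $_ } | ForEach-Object { Get-Content $_ -Raw | ConvertFrom-Json }
            $perms = (@($m.permissions) + @($m.host_permissions) | Where-Object { $_ }) -join ','
            $findings += "$($b.Key) [$($u.Name)] $($ext.Name) '$($m.name)' perms=$perms"
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Write-Output
    exit 1    # non-zero exit = issue detected; Intune then runs the paired remediation script
}
Write-Output 'No unapproved browsers or extensions found'
exit 0
```

Review the first run's output before enforcing anything: some manifests report a localisation key rather than a readable name, and any extension you decide to keep needs its ID added to `$ApprovedIds` and to the allow-list policy.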

The Bigger Picture

This Is a Shadow IT Problem as Much as a Security Problem

Browser extensions sit in an awkward gap: they're not full applications (so traditional software controls often miss them), they don't require admin rights to install, and they run with surprisingly broad permissions inside the most sensitive environment on a work computer: the browser itself.

The AI extension wave is making this worse. When an extension promises to make you more productive with AI, the instinct to just try it is understandable. But "I got it from the Chrome Web Store" is not a security guarantee. Extensions on the Chrome Web Store have been compromised, have contained malware from the start, and have been used in sophisticated attacks against organisations of all sizes.

The good news is that for small businesses, the right controls are achievable. A properly managed Edge deployment with an extension allowlist, backed by Defender for Endpoint visibility, gives you a robust baseline — without the complexity and cost of enterprise application control.

If you're not sure what's running in your team's browsers right now, that's the first thing to find out.

Not Sure Where to Start?

We help small businesses implement practical, proportionate security controls - without the enterprise price tag or complexity. Arrange a free consultation today.