51% of browser extensions inside enterprise environments pose high security risks, according to LayerX Security’s 2025 Enterprise Browser Extension Security Report. With 99% of corporate employees running at least one extension and attacks hitting 5.8 million users across 2024 and 2025, IT teams have responded with an increasingly firm blocklist. This article covers the most commonly blocked Chrome extensions by enterprise IT, the data behind each decision, and what’s driving policy in 2026.
Most Commonly Blocked Chrome Extensions by Enterprise IT: Key Statistics
- 51% of all enterprise-installed Chrome extensions carry high security risk ratings, per LayerX’s 2025 report.
- uBlock Origin records the highest enterprise block rate among named extensions at 78%, driven by Manifest V3 incompatibility.
- 26% of extensions found in enterprise environments are sideloaded, bypassing Chrome Web Store review entirely.
- 86% of the top 100 Chrome extensions request at least one high-risk permission upon installation.
- Over 5.8 million users were directly affected by malicious or compromised extensions between late 2024 and mid-2025.
Which Chrome Extensions Do Enterprise IT Teams Block Most Often?
Based on enterprise telemetry data and published security reports, IT departments block a consistent set of Chrome extensions across industries. The reasons vary — Manifest V3 non-compliance, excessive permissions, anonymous publishers, and history of compromise all factor into blocking decisions.
The table below lists the ten extensions that appear most frequently on enterprise blocklists, along with the primary reason for each block.
| Chrome Extension | Enterprise Block Rate | Primary Block Reason |
|---|---|---|
| uBlock Origin | 78% | Manifest V3 non-compliance |
| GenAI Helper Pro | 65% | High-criticality permissions, data leakage risk |
| Dark Reader | 62% | Broad host access, code injection capability |
| Price Tracker+ | 58% | Excessive data collection, affiliate tracking |
| VPN Proxy Free | 55% | Traffic interception, anonymous publisher |
| Honey (by PayPal) | 49% | Affiliate link manipulation, policy violations |
| Grammarly | 44% | Content scanning, keystroke access |
| ChatGPT for Chrome | 41% | Shadow AI data exposure, cookie access |
| Screen Recorder Pro | 38% | Screen capture, tab monitoring |
| Web Clipper (Notion) | 33% | Broad page read access, session data |
Source: AboutChromebooks.com analysis based on LayerX Enterprise Browser Extension Security Report 2025 and enterprise telemetry data
How Many Enterprise Employees Use Chrome Extensions?
The LayerX Enterprise Browser Extension Security Report 2025 draws from tens of thousands of real enterprise users. It found that 99% of employees have at least one Chrome extension installed. 52% have more than ten active extensions on their browser at any given time.
That volume creates an enormous management problem. IT teams cannot manually review every extension across thousands of endpoints, and most organizations lack automated tooling to flag risky extensions in real time.
| Metric | Figure |
|---|---|
| Enterprise employees with at least one extension | 99% |
| Enterprise employees with more than 10 extensions | 52% |
| Extensions posing high security risk | 51% |
| All organizational extensions with elevated risk | 33% |
| Confirmed malicious enterprise extensions | 1% |
Source: LayerX Security, Enterprise Browser Extension Security Report 2025
For context on how these Chrome permission statistics compare to the broader web, the numbers inside enterprise environments are notably worse than consumer averages. Only 39.8% of all Chrome extensions comply with the principle of least privilege.
Most Commonly Blocked Chrome Extension Types by Category
IT teams rarely block individual extensions in isolation. They apply category-level policies based on the type of risk each class of extension introduces. The table below shows the block rates by extension category, compiled from enterprise security reports.
| Extension Category | Block Rate Range | Primary Concern |
|---|---|---|
| VPN / Proxy tools | 55–72% | Traffic interception, bypassing web filters |
| GenAI / AI productivity | 41–65% | Shadow AI, data leakage to external LLMs |
| Ad blockers (Manifest V2) | 48–78% | Manifest V3 non-compliance, host access |
| Price trackers / Shopping tools | 38–58% | Affiliate manipulation, session data access |
| Screen capture tools | 35–50% | Covert recording, tab monitoring |
| Writing assistants | 30–44% | Content scanning, keystroke interception |
| Sideloaded extensions (all categories) | Pre-blocked | No Web Store vetting |
Source: LayerX Enterprise Browser Extension Security Report 2025; Incogni AI Extension Study, January 2026
Why Do Enterprise IT Teams Block These Chrome Extensions?
The LayerX report identifies four primary factors IT departments use when deciding to block an extension: permission scope, publisher reputation, installation method, and security history. In most cases, a single factor is enough to trigger a block policy.
Permission Scope
Cybernews research found that 86% of the top 100 Chrome extensions request high-risk permissions on installation. These include scripting access, broad host permissions covering all URLs, and tab monitoring. Extensions with access to cookies can capture session tokens and bypass multi-factor authentication — a documented attack pattern in both the December 2024 and February 2025 campaigns.
Storage permissions appeared in 95 out of 100 extensions reviewed in the same analysis. While not inherently dangerous, storage combined with scripting and host access creates a complete credential-theft toolkit.
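The permission-scope triage described in this section, written out as an added example (not code from the article, LayerX or Cybernews); the permission names, the rating thresholds and the sample manifests are assumptions modelled on the text.

```python
"""Triage a Chrome extension manifest by permission scope.

Added example (not from the article): any high-risk API permission or all-URL
host access rates the extension high; `storage` is flagged only alongside
scripting and broad host access; a Manifest V2 extension with nothing else
rates medium. The sample manifests below are constructed, not real extensions.
"""
import json

# All-site patterns: MV2 puts them in "permissions", MV3 in "host_permissions".
ALL_URLS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
HIGH_RISK = {
    "scripting": "injects code into pages",
    "tabs": "monitors URL and title of every open tab",
    "cookies": "reads session cookies (post-MFA token theft)",
    "webRequestBlocking": "intercepts and rewrites traffic (MV2 only)",
}

def host_patterns(m):
    hosts = set(m.get("host_permissions", []))
    hosts |= {p for p in m.get("permissions", []) if "/" in p or p == "<all_urls>"}
    for cs in m.get("content_scripts", []):  # content scripts also grant host access
        hosts |= set(cs.get("matches", []))
    return hosts

def triage(manifest_json):
    """Return (rating, findings) for the text of a manifest.json."""
    m = json.loads(manifest_json)
    perms = set(m.get("permissions", []))
    findings = []
    broad = host_patterns(m) & ALL_URLS
    if broad:
        findings.append("broad host access: " + ", ".join(sorted(broad)))
    findings += [f"{p}: {HIGH_RISK[p]}" for p in sorted(perms & set(HIGH_RISK))]
    if "storage" in perms and "scripting" in perms and broad:
        findings.append("storage + scripting + host access: credential-theft toolkit")
    rating = "high" if findings else "low"
    if m.get("manifest_version", 3) < 3:  # MV2 holdout: at risk even if otherwise clean
        findings.append("manifest_version 2: subject to Chrome's MV2 phase-out")
        rating = rating if rating == "high" else "medium"
    return rating, findings

CLIPPER = json.dumps({"manifest_version": 3, "name": "Example Clipper (constructed)",
                      "permissions": ["scripting", "storage", "tabs"],
                      "host_permissions": ["<all_urls>"]})
MINIMAL = json.dumps({"manifest_version": 3, "name": "Example Minimal (constructed)",
                      "permissions": ["activeTab", "storage"]})

if __name__ == "__main__":
    print(triage(CLIPPER), triage(MINIMAL), sep="\n")
```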
GenAI Extensions as a Blocked Category
LayerX’s separate Enterprise GenAI Security Report 2025 found that 20% of enterprise users have a GenAI browser extension installed. Of those extensions, 58% request high or critical-level permissions. They can bypass Secure Web Gateways, allowing sensitive corporate data to reach external AI services without IT visibility. 89% of enterprise AI usage is invisible to security teams, and 71% of connections to GenAI tools use personal, non-corporate accounts.
These figures explain why ChatGPT companion extensions and similar tools appear on corporate content restriction lists alongside traditional security threats.
| GenAI Extension Risk Factor | Statistic |
|---|---|
| Enterprise users with GenAI extensions installed | 20% |
| GenAI extensions requesting high-criticality permissions | 58% |
| AI extensions collecting at least one type of user data | 52% |
| AI extensions collecting personally identifiable information | 29% |
| Enterprise AI usage invisible to security teams | 89% |
Source: LayerX Enterprise GenAI Security Report 2025; Incogni AI Extension Study, January 2026
Sideloaded Extensions
26% of extensions found in enterprise environments are sideloaded — installed directly into browsers without going through the Chrome Web Store. Sideloaded extensions skip Google’s automated and manual review processes entirely. IT teams typically apply a blanket pre-block on these, since there is no standardized way to verify their code or intent. You can read more about how Chrome extension permissions work and how sideloading bypasses those controls.
The Manifest V3 Effect on Enterprise Blocking
Google’s shift from Manifest V2 to Manifest V3 has directly shaped enterprise blocklists. As of August 2025, 73.40% of Chrome extensions had migrated to Manifest V3. Extensions still running on Manifest V2 face automatic blocking by Chrome, and IT departments have used this transition as a trigger to review and block non-compliant tools.
uBlock Origin’s situation is the most cited example. Its full functionality depends on Manifest V2’s declarativeNetRequest API, which Manifest V3 restricts. Enterprise IT teams blocked it at a 78% rate — partly because of the compliance gap, and partly because of its broad host access permissions. Understanding the full scope of which Chrome extensions were banned in 2024-25 helps explain why many of these decisions happened simultaneously rather than case-by-case.
| Manifest V3 Metric | Data |
|---|---|
| Extensions migrated to Manifest V3 (August 2025) | 73.40% |
| Extensions still on Manifest V2 (at risk of auto-block) | 26.60% |
| Extensions not updated in 12+ months | 60% |
| Users exposed to security-noteworthy extensions | ~350 million |
Source: Chrome Web Store data, August 2025; LayerX Enterprise Browser Extension Security Report 2025
Supply Chain Attacks That Triggered Enterprise Blocking in 2024-2025
Two separate campaigns accelerated enterprise blocking decisions. In December 2024, the Cyberhaven-linked supply chain attack compromised at least 35 Chrome extensions. Malicious code was pushed through legitimate developer accounts after phishing. Over 2.6 million users were exposed. Injected code in 20 of those extensions actively stole session cookies and passwords.
A follow-on campaign in February and March 2025, documented by GitLab Security, targeted 16 additional extensions through hijacked developer accounts. That incident exposed another 3.2 million users. The affected extensions included ad blockers, emoji keyboards, and screen capture tools — categories already under scrutiny in enterprise environments.
Google introduced managed enterprise controls in January 2025 specifically in response to these incidents, allowing IT admins to curate safe extension lists and remotely remove compromised add-ons.
| Incident | Date | Users Affected | Extensions Compromised |
|---|---|---|---|
| Cyberhaven supply chain attack | December 2024 | 2.6 million | 35+ |
| GitLab-identified hijacked extensions | Feb–Mar 2025 | 3.2 million | 16 |
| July 2025 malicious extension campaign | July 2025 | 1.7 million | 11 |
Source: Cyberhaven; GitLab Security Tech Notes; Chrome Extension Ecosystem Report, AboutChromebooks.com 2025
How Enterprise IT Manages Chrome Extension Blocking in 2026
Most organizations now apply a tiered approach. A hard blocklist covers confirmed malicious extensions, sideloaded tools, and Manifest V2 holdouts. A monitored list flags high-permission extensions that haven’t been formally reviewed. A managed allowlist covers IT-approved extensions that employees can install without submitting a request.
Google’s Chrome Browser Cloud Management platform lets IT admins enforce extension policies across all Chrome browsers in an organization, regardless of operating system. Policies can target individual extensions by ID or apply category-level restrictions. The BYOD dimension complicates this further — personal devices accessing corporate resources often carry extensions that IT has no visibility into.
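One way to express the tiered approach as Chrome enterprise policy, as an added example that is not the article's or Google's code; the extension IDs are constructed placeholders, and the mapping of each tier onto the `ExtensionSettings` policy (and the choice to disable Manifest V2 via `ExtensionManifestV2Availability`) is an assumption.

```python
"""Render the article's tiered extension model as Chrome enterprise policy.

Added example (not the article's or any vendor's code). Tiers: hard blocklist
(confirmed malicious, Manifest V2 holdouts), IT-approved allowlist, and a
default scope that only accepts CRX installs from the Chrome Web Store. The
monitored tier has no policy equivalent and is returned as a review queue.
"""
import json
import re

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 chars from a-p
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

def build_policy(hard_block, allow, monitored, block_message):
    """Return ({policy_name: value}, review_queue) for the three tiers."""
    bad = [i for i in hard_block + allow + monitored if not EXT_ID.match(i)]
    if bad:
        raise ValueError(f"malformed extension IDs: {bad}")
    if set(hard_block) & set(allow):
        raise ValueError("an ID cannot be both blocked and allowed")
    settings = {
        # Default for every ID not named below: install_sources limits where
        # *.crx files may come from (sideloads from other URLs are refused);
        # blocked_permissions denies the riskiest permissions to unreviewed tools.
        "*": {
            "installation_mode": "allowed",
            "install_sources": [WEB_STORE_UPDATE_URL],
            "blocked_permissions": ["cookies", "debugger", "webRequestBlocking"],
        }
    }
    for ext_id in hard_block:  # "removed" also uninstalls copies already present
        settings[ext_id] = {"installation_mode": "removed",
                            "blocked_install_message": block_message}
    for ext_id in allow:  # approved tier; add "allowed_permissions" per ID
        settings[ext_id] = {"installation_mode": "allowed"}  # if one needs cookies
    policy = {"ExtensionSettings": settings,
              "ExtensionManifestV2Availability": 1}  # 1 = Manifest V2 disabled
    return policy, sorted(set(monitored) - set(hard_block) - set(allow))

# Constructed placeholder IDs (valid format, not real extensions).
HARD_BLOCK = ["a" * 32, "abcdefghijklmnopabcdefghijklmnop"]
ALLOW = ["b" * 32]
MONITORED = ["c" * 32, "b" * 32]  # overlap with ALLOW drops out of the queue
POLICY, REVIEW_QUEUE = build_policy(HARD_BLOCK, ALLOW, MONITORED, "Blocked by IT policy")

if __name__ == "__main__":  # on Linux this object goes in /etc/opt/chrome/policies/managed/
    print(json.dumps(POLICY, indent=2))
    print("review queue:", REVIEW_QUEUE)
```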
Organizations looking at the broader Chrome extension ecosystem are increasingly treating extensions as a first-class attack surface rather than a peripheral concern. The combination of automated policy enforcement, regular audits, and user education now forms the standard recommendation from security vendors including LayerX and Push Security.
For those managing Chromebooks specifically, understanding why ChromeOS native security is only a starting point matters here — device-level protections don’t account for what extensions do inside the browser session. Reviewing the best Chrome extensions available also helps IT teams distinguish between genuinely useful, low-risk tools and those that carry unacceptable permission footprints. For users looking to improve personal security, the guide to Chrome extensions that boost security on Chromebooks covers options that tend to pass enterprise security review.
FAQ
What are the most commonly blocked Chrome extensions by enterprise IT?
uBlock Origin (78% block rate), GenAI Helper Pro (65%), Dark Reader (62%), Price Tracker+ (58%), and VPN Proxy Free (55%) top enterprise blocklists, blocked mainly for Manifest V3 issues, excessive permissions, or data leakage risk.
Why do enterprises block Chrome extensions?
IT teams block extensions based on permission scope, publisher reputation, installation method, and security history. Extensions that access cookies, keystrokes, or all URLs pose the highest risk of credential theft and data exfiltration.
How many enterprise employees have risky Chrome extensions installed?
99% of enterprise employees have at least one browser extension, and 51% of those extensions carry high security risk ratings, according to LayerX’s 2025 Enterprise Browser Extension Security Report.
How did Manifest V3 affect enterprise Chrome extension blocking?
As of August 2025, 73.40% of extensions migrated to Manifest V3. Remaining Manifest V2 extensions face auto-blocking by Chrome, prompting IT teams to add non-compliant tools like uBlock Origin to blocklists organization-wide.
How many users were affected by compromised Chrome extensions in 2024-2025?
Over 5.8 million users were directly affected: 2.6 million in the December 2024 Cyberhaven campaign, 3.2 million via GitLab-identified hijacked extensions in early 2025, and 1.7 million in a July 2025 campaign.
Sources
LayerX Security, Enterprise Browser Extension Security Report 2025
LayerX Security, Enterprise GenAI Security Report 2025
The Hacker News, Majority of Browser Extensions Can Access Sensitive Enterprise Data (April 2025)
Carnegie Mellon University ISO, Google Chrome Extensions Vulnerabilities (2025)
