Duo Security Digs Into Chrome Extension Security With CRXcavator

Do you know if the Chrome browser extensions that are being used across your enterprise are a potential risk? That's a question that until today wasn't as easy to answer as it should have been. Cisco's Duo Security business unit is announcing the public beta of a new tool called CRXcavator on Feb. 21 that will make it easier for organizations to take inventory of the Chrome extensions running across their enterprise, understand what if any risk they pose and then link that to a policy for secure deployment. As part of the effort to build CRXcavator, Duo also looked at more than 120,000 Chrome extensions to discover potential security concerns and risks. "While we did analyze data from the Chrome Web Store, our focus was on trying to learn more about the security properties of the larger browser extension ecosystem and position that information in a way that provided value to organizations and individuals," Josh Yavor, senior manager of corporate security at Duo Security, told eWEEK. "The problem we're trying to solve here is that it's really difficult for any individual or organization to look at any given Chrome extension and decide whether or not the risk that the extension brings is acceptable."