#browser-security

#browser-security

Much of cybersecurity's mitigations were designed years ago to protect infrastructure and data, which was correct at the time. But company use of the internet has changed. Cloud computing and remote working have hastened the demise of the perimeter, and the arrival of AI has increased the speed of attacks. The old methods no longer work, yet cybersecurity has not adapted its core defense.

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their mission to wreak havoc on enterprises by specifically targeting sensitive data on these browsers.

Anthropic is launching a research preview of a browser-based AI agent powered by its Claude AI models, the company announced on Tuesday. The agent, Claude for Chrome, is rolling out to a group of 1000 subscribers on Anthropic's Max plan, which costs between $100 and $200 per month. The company is also opening a waitlist for other interested users. By adding an extension to Chrome, select users can now chat with Claude in a sidecar window that maintains context of everything happening on their browser. Users can also give the Claude agent permission to take actions in their browser and complete some tasks on their behalf.

The Geco color picker extension, while appearing safe and helpful, hijacks browser sessions, tracks user activities, and backdoors victims' web browsers, highlighting significant security concerns.

The architectural limitations of SSE platforms leave organizations exposed at the critical last mile of user interaction—inside the browser, where real risks arise.

According to The State of Workforce Security, approximately 85% of the workday is spent on browser-related activities using SaaS and web apps, underscoring the need for robust security measures.