[{"data":1,"prerenderedAt":280},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":108,"navbar-resource-highlight":182,"press-pages-/news/push-launches-malicious-browser-extension-blocking":226},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"ga0kpxjhh76",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":97,"lastUpdated":98,"firstPublished":99,"testRatio":23,"createdBy":100,"lastUpdatedBy":101,"folders":102,"meta":103,"rev":107},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":43,"text":44,"url":29,"blocks":45,"state":93},"ewrererw","testrfesssssssssss",[46,73,81],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Meet Push's browser security experts at BlackHat 2026.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>Book a meeting →\u003C/p>","https://pushsecurity.com/events/blackhat-2026-meeting",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"@type":47,"@version":48,"id":74,"component":75,"responsiveStyles":79},"builder-a2e1f4b9f30b464bb814d7f5de5b0aa7",{"name":76,"options":77,"isRSC":62},"Custom Code",{"code":78,"scriptsClientOnly":6},"\u003Cstyle>\n  .top-banner.bg-web-orange{background:rgb(114, 79, 255);}\n\u003C/style>\n",{"large":80},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69},{"id":82,"@type":47,"tagName":83,"properties":84,"responsiveStyles":88},"builder-pixel-o503s4fpvk","img",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":89},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},"block","hidden","none",{"deviceSize":94,"location":95},"large",{"path":29,"query":96},{},{},1783541846936,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"kind":104,"lastPreviewUrl":105,"hasLinks":6,"breakpoints":106,"hasErrors":6,"hasAutosaves":6},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default",{"xsmall":31,"small":32,"medium":33},"kyujw1aptq",[109,145],{"createdDate":110,"id":111,"name":112,"modelId":113,"published":13,"stageModifiedSincePublish":6,"query":114,"data":115,"variations":138,"lastUpdated":139,"firstPublished":140,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":141,"meta":142,"rev":144},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":116,"type":117,"testimonialLink":118,"testimonial":119},{},"testimonial","/customer-stories/inductive-automation",{"@type":120,"id":121,"model":117,"value":122},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":123,"folders":124,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":128,"variations":132,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":135,"rev":137},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":129,"jobTitle":130,"quote":126,"image":131},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":136,"hasAutosaves":34},{"small":32,"medium":33},"e8bsg4qrgtu",{},1776247404986,1776247404973,[],{"breakpoints":143,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"g9lqcuxphw7",{"createdDate":146,"id":147,"name":148,"modelId":113,"published":13,"meta":149,"stageModifiedSincePublish":6,"query":151,"data":152,"variations":178,"lastUpdated":179,"firstPublished":180,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":181,"rev":144},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":150,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":153,"link":172,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":155},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":156,"folders":157,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":160,"variations":166,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":169,"rev":171},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":170,"hasAutosaves":34},{"small":32,"medium":33},"ulhc0im1hfo",{"text":173,"url":174},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[183,205],{"createdDate":184,"id":185,"name":148,"modelId":186,"published":13,"meta":187,"stageModifiedSincePublish":6,"query":189,"data":190,"variations":200,"lastUpdated":201,"firstPublished":202,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":203,"rev":204},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":188,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":191,"link":199,"type":175,"title":148,"description":176,"image":177},{"@type":120,"id":154,"model":117,"value":192},{"query":193,"folders":194,"createdDate":158,"id":154,"name":159,"modelId":127,"published":13,"data":195,"variations":196,"lastUpdated":167,"firstPublished":168,"testRatio":23,"createdBy":100,"lastUpdatedBy":24,"meta":197,"rev":171},[],[],{"video":161,"jobTitle":162,"author":163,"qoute":29,"quote":164,"image":165},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":198,"hasAutosaves":34},{"small":32,"medium":33},{"text":173,"url":174},{},1776256937553,1776256937540,[],"xggsv10v1q9",{"createdDate":206,"id":207,"name":208,"modelId":186,"published":13,"stageModifiedSincePublish":6,"query":209,"data":210,"variations":220,"lastUpdated":221,"firstPublished":222,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":223,"meta":224,"rev":204},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":211,"type":117,"testimonial":212,"testimonialLink":118},{},{"@type":120,"id":121,"model":117,"value":213},{"query":214,"folders":215,"createdDate":125,"id":121,"name":126,"modelId":127,"published":13,"data":216,"variations":217,"lastUpdated":133,"firstPublished":134,"testRatio":23,"createdBy":100,"lastUpdatedBy":100,"meta":218,"rev":137},[],[],{"author":129,"jobTitle":130,"quote":126,"image":131},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":219,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":225,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"createdDate":227,"id":228,"name":229,"modelId":230,"published":13,"stageModifiedSincePublish":6,"query":231,"data":237,"variations":268,"lastUpdated":269,"firstPublished":270,"testRatio":23,"screenshot":271,"createdBy":272,"lastUpdatedBy":25,"folders":273,"meta":274,"rev":279},1772643697281,"33f99f60cb084b399cd665ea33353de5","PR20260305 Push Security Launches Malicious Browser Extension Blocking","f4b8a13df871497bb5e61c4707cfc5e5",[232],{"@type":233,"property":234,"operator":235,"value":236},"@builder.io/core:Query","urlPath","is","/news/push-launches-malicious-browser-extension-blocking",{"themeId":6,"seoTitle":238,"inputs":239,"ogImage":240,"title":241,"seoDescription":242,"image":240,"date":243,"blocks":244,"url":236,"state":262},"Push Security Launches Malicious Browser Extension Blocking ",[],"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5b1ca78c5ed441cd84c37c33c1db416e","Push Security Launches Malicious Browser Extension Blocking to Stop Emerging Extension-Based Attacks","New capability enables organizations to detect malicious browser extensions and automatically block them from running in employee browsers.","Thu Mar 05 2026 00:00:00 GMT-0800 (Pacific Standard Time)",[245,257],{"@type":47,"@version":48,"id":246,"meta":247,"component":249,"responsiveStyles":253},"builder-6427a29f3d3d46189e337e47406433ca",{"previousId":248},"builder-262d880c4939468096ef7b73f4af7ddf",{"name":250,"options":251,"isRSC":62},"Text",{"text":252},"\u003Cp>\u003Cem>New capability enables organizations to detect malicious browser extensions and automatically block them from running in employee browsers.\u003C/em>\u003C/p>\u003Cp>\u003Cstrong>BOSTON — (March 5, 2026) —\u003C/strong> Push Security, the most powerful AI-native security tool in the browser, today announced today announced new malicious browser extension detection and blocking capabilities within its browser-based security platform. This new feature will enable organizations to automatically block known-bad extensions from running in employee browsers.\u003C/p>\u003Cp>Attackers are increasingly turning to malicious browser extensions as a preferred method of compromise. \u003Ca href=\"https://pushsecurity.com/blog/browser-extension-management-guide\" rel=\"noopener noreferrer\" target=\"_blank\">Recent campaigns such as ShadyPanda, ZoomStealer, and GhostPoster\u003C/a>, along with breaches impacting vendors including Cyberhaven and Trust Wallet, highlight the growing risk posed by compromised extensions.\u003C/p>\u003Cp>“Browser extensions represent one of the most under-monitored attack vectors in modern enterprises,” said Jacques Louw, chief product officer at Push Security. “For modern organizations running different operating systems and browsers across their workforce, it’s hard to know what’s running — let alone what is malicious.”&nbsp;\u003C/p>\u003Cp>\u003Cstrong>A growing and miscalculated threat\u003C/strong>\u003C/p>\u003Cp>Nearly every major app now has a browser extension counterpart, alongside thousands of AI overlays, screen recorders, spell checkers, and design tools. The \u003Ca href=\"https://chromewebstore.google.com/\" rel=\"noopener noreferrer\" target=\"_blank\">Chrome Web Store\u003C/a> alone hosts more than 100,000 extensions, making it clear that this is an expanding attack surface that many organizations do not fully understand.\u003C/p>\u003Cp>“Compounding the issue, most malicious extensions do not begin as malicious,” said Louw. “Attackers frequently create initially benign extensions and later push malicious updates, or&nbsp;take over existing extensions with large install bases, by hacking extension devs, or simply by purchasing the extension legitimately. Once a malicious update is deployed, every browser running the extension can be compromised when their browser next updates.”\u003C/p>\u003Cp>“Simply blocking extensions altogether is unrealistic for most organizations,” he continued. “Security teams need visibility and enforcement without disrupting productivity.”\u003C/p>\u003Cp>Extension code is routinely analyzed as part of the extension upload and approval process; however, attackers routinely evade detection using obfuscated and dynamically compiled code. Extensions are often flagged only after malicious activity is observed in the wild and, more frequently, after a breach has occurred. Even when removed from the store, extensions may remain active in user browsers, underlining the importance of being able to detect and block extensions independently of the web store.\u003C/p>\u003Cp>Push’s new capability enables organizations to automatically block known malicious extensions from running in employee browsers, derived from Push’s continuously updated intelligence database of reported malicious extensions. Customers can enforce policies in monitor or block mode via the Push admin console. When a malicious extension is detected, the platform generates severity-based alerts and can automatically disable the extension in affected browsers.\u003C/p>\u003Cp>Beyond blocking known-bad extensions, Push provides real-time visibility into all extensions running across an organization’s workforce, including metadata such as publisher history, permissions, deployment method, and update activity. This enables security teams to seamlessly manage extensions across browsers and operating systems from a single platform, identify risky extensions, implement allowlists or blocklists, and monitor for suspicious changes such as changes in ownership or permissions.\u003C/p>\u003Cp>The new feature expands Push’s browser-based security platform, which also protects against adversary-in-the-middle (AiTM) phishing, credential stuffing, session hijacking, and other browser-native attack techniques.\u003C/p>\u003Cp>\u003Cstrong>Availability\u003C/strong>\u003C/p>\u003Cp>Malicious extension detection and blocking is available now to Push customers. For more information on malicious browser extension blocking, check out today’s \u003Ca href=\"https://pushsecurity.com/blog/browser-extension-management-guide\" rel=\"noopener noreferrer\" target=\"_blank\">Push blog post\u003C/a>.\u003C/p>\u003Cp>\u003Cstrong>About Push Security\u003C/strong>\u003C/p>\u003Cp>Push Security is the secure enterprise browser extension for security teams. Founded by red team and blue team experts, Push combines high-fidelity browser telemetry, real-time control, and autonomous agents to stop advanced attacks, secure AI usage, harden identities, and prevent data loss — all from your users’ existing browsers, no migration required. Push is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors. For more information, visit \u003Ca href=\"https://pushsecurity.com/\" rel=\"noopener noreferrer\" target=\"_blank\">https://pushsecurity.com\u003C/a> or follow \u003Ca href=\"http://x.com/pushsecurity\" rel=\"noopener noreferrer\" target=\"_blank\">@pushsecurity\u003C/a>.\u003C/p>",{"large":254},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"lineHeight":255,"height":256},"normal","auto",{"id":258,"@type":47,"tagName":83,"properties":259,"responsiveStyles":260},"builder-pixel-d52sqnta437",{"src":85,"aria-hidden":86,"alt":29,"role":87,"width":68,"height":68},{"large":261},{"height":68,"width":68,"display":90,"opacity":68,"overflow":91,"pointerEvents":92},{"deviceSize":94,"location":263},{"pathname":236,"path":264,"query":267},[265,266],"news","push-launches-malicious-browser-extension-blocking",{},{},1782828960265,1772715804987,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd284a71db78248f496f9487fd0634c4f","rGmJFEtPqFbC0o3fwsbG5B9aNv03",[],{"kind":275,"hasLinks":6,"originalContentId":276,"breakpoints":277,"winningTest":62,"lastPreviewUrl":278,"hasErrors":6,"hasAutosaves":6},"page","22e996cafde44614a602b3656627987e",{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/news/push-launches-malicious-browser-extension-blocking?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=press-pages&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.press-pages=33f99f60cb084b399cd665ea33353de5&builder.overrides.33f99f60cb084b399cd665ea33353de5=33f99f60cb084b399cd665ea33353de5&builder.overrides.press-pages:/news/push-launches-malicious-browser-extension-blocking=33f99f60cb084b399cd665ea33353de5&builder.options.locale=Default","6z1zl5mdiwd",1784196735598]