Skip to content

119 Microsoft Edge Add-ons Infected with Malware

Bottom line: 2.6 million Microsoft Edge users were exposed to malware in 119 hidden browser add-ons – a failure of marketplace validation processes with direct implications for enterprise-wide endpoint controls.

Security researchers discovered malware in 119 browser extensions for Microsoft Edge, which were installed a total of over 2.6 million times. The malicious software was intentionally obfuscated and could have been missed by automated checks.

The affected add-ons came from the Microsoft Edge Add-ons Store and posed a risk to user data over an extended period of time. The malware was structured to be integrated into the code of extensions or loaded as external scripts – techniques typically used to evade detection by security checks.

For CISOs, this is an immediate governance problem: browser add-ons are a frequently overlooked vector in endpoint security. Millions of users install such extensions with confidence in the validation performed by platform operators like Microsoft. When these controls fail or are too weak, a large-scale infection risk emerges that traditional endpoint protection tools may not adequately cover.

Immediate audits of browser extensions in the enterprise environment are recommended, along with adjustments to browser policies to restrict the add-on catalog and regular audits of installed extensions. At the same time, the actual CVE-IDs and a precise list of affected add-ons should be requested from Microsoft or security researchers to enable targeted remediation.


Source: www.golem.de · Published June 29, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: