Why Untrusted Sites Should Not Sit Beside Sensitive Browser Tabs
June 10, 2026

Why Untrusted Sites Should Not Sit Beside Sensitive Browser Tabs

Most employees work with many browser tabs open at once.

One tab may contain corporate email. Another may show a customer platform. Another may be an internal dashboard. Beside them, there may be a public forum, personal tool, or unknown website.

That may feel normal. But in browser security, what sits side by side can matter.

Some web attacks do not need to steal passwords or install malware. They try to learn small pieces of information from the way browser tabs, windows, and web sessions interact. These are known as XS-Leaks, or cross-site leaks.

The risk is not that every open tab is dangerous. The risk is that sensitive business apps and untrusted websites often run in the same browser environment without teams having enough visibility.

Chrome Readiness Assessment helps teams review browser activity across devices, domains, usage patterns, and browser security signals. Within Browser Insights, CEP Accelerator helps connect those findings to relevant Chrome Enterprise Premium capabilities, so organizations can decide where stronger browser-layer protection may be needed.

Why open browser tabs can create risk 

Modern work happens inside the browser.

Employees move between email, SaaS apps, cloud tools, customer systems, file platforms, developer portals, and public websites throughout the day. This creates a mixed browser environment where trusted and untrusted sites may remain open at the same time.

Most of the time, this is harmless.

But browser-based side-channel attacks show that some websites may try to infer information from another site without directly accessing its data. For example, a malicious or untrusted page may try to learn whether a user is logged in, whether certain content exists, or how another web app responds in the background.

That is why browser isolation matters.

The Cross-Origin Opener Policy is one example of a browser security control that helps separate browsing contexts and reduce cross-origin exposure. Gmail’s update on protecting users from XS-Search shows why this type of browser-level protection is becoming more important for high-value business applications.

For enterprises, the main point is simple:

If sensitive work and untrusted browsing happen side by side, security teams need better visibility into where that exposure may exist.

Why this is hard for teams to manage 

Open tabs feel ordinary.

A user may not notice anything unusual. There may be no download, no phishing email, no malware warning, and no obvious blocked page.

That makes this risk difficult to spot.

Security teams may know which devices are managed. They may know which users have access to business applications. But they may not always have a clear browser-level view of which domains are being accessed, how often they are used, which devices are involved, or whether risky browsing activity is happening near sensitive work.

The issue is not only about one unsafe website.

It is about mixed browser activity.

A device may be used for corporate email, cloud storage, internal tools, and unknown websites within the same working session. Without visibility, teams may struggle to understand where browser-layer exposure is building. 

Where Chrome Readiness Assessment adds clarity 

Chrome Readiness Assessment gives teams a clearer way to review browser activity across the organization.

For this type of risk, the value is in understanding the browser environment around the user’s work.

Browser Insights can show useful signals such as browsers in use, browser versions, risky or unsecured domains accessed, affected devices, visit count, total usage time, and device-level browser details.

This gives teams a practical starting point.

For example, if devices that access sensitive business tools are also repeatedly visiting unknown or risky destinations, teams can review whether that activity is expected, acceptable, or worth controlling more closely.

If certain departments show heavier use of unsecured or untrusted web destinations, security teams can prioritize those areas first.

The goal is not to panic over every open tab.

The goal is to understand where sensitive work and risky web activity may be overlapping inside the browser.

How Chrome Enterprise Premium supports protection 

Visibility helps teams understand the risk. Stronger browser controls help reduce it.

Chrome Enterprise Premium helps organizations strengthen protection at the browser layer, where users access business data and web applications every day.

For open-tab and cross-site exposure risks, relevant controls can include secure enterprise browsing, URL filtering, threat protection, data protection, data protection rules in Chrome, context-aware access, and browser policy enforcement.

This matters because organizations do not need to block every website or every tab.

They need to understand which browsing patterns create risk, then apply controls where they matter most.

Within Browser Insights, CEP Accelerator helps connect browser findings to Chrome Enterprise Premium capabilities. This gives teams a clearer way to prioritize protection around risky domains, sensitive browser activity, and devices that need stronger browser-layer control.

Why business leaders should care 

For business leaders, this is not just a technical browser issue.

Employees use browsers to access customer data, company email, financial systems, HR platforms, cloud storage, and internal tools. If untrusted websites are also open in the same browser environment, the organization needs a way to understand and reduce that exposure.

Open tabs are part of normal work.

But normal work still needs visibility.

Chrome Readiness Assessment brings browser activity into view. CEP Accelerator helps connect the most important findings to Chrome Enterprise Premium capabilities. Chrome Enterprise Premium helps strengthen protection where business work happens most: inside the browser.

FAQ

Are open browser tabs always risky?

No. Having multiple tabs open is normal. The risk increases when sensitive business apps and untrusted or risky websites are active in the same browser environment without enough visibility or control.

What are XS-Leaks?

XS-Leaks, or cross-site leaks, are browser side-channel attacks where a website may infer small pieces of information from another site by observing browser behavior, responses, or cross-site interactions.

What is browser tab isolation?

Browser tab isolation refers to separating browsing contexts so that one website has less ability to interact with or infer information from another. Controls like Cross-Origin Opener Policy can support stronger separation.

How does Browser Insights support this issue?

Browser Insights can give teams visibility into browser usage, risky or unsecured domains, visit count, usage time, affected devices, browser versions, and device-level browser details.

How does Chrome Enterprise Premium help?

Chrome Enterprise Premium helps strengthen browser-layer protection with controls such as secure enterprise browsing, URL filtering, threat protection, data protection, context-aware access, and browser policy enforcement.

Open browser tabs may look harmless, but they can create exposure when sensitive business apps and untrusted websites run side by side. Use Browser Insights in Chrome Readiness Assessment to review browser activity, risky or unsecured domains, affected devices, visit count, and usage time, then use CEP Accelerator to connect key findings to Chrome Enterprise Premium capabilities that help strengthen browser-layer protection.

Ovindi Gunawardane

Chrome Readiness Assessment

Related Blogs

When Browser Update Delays Create a Security Gap
June 11, 2026

When Browser Update Delays Create a Security Gap

Most browser security gaps do not start with a major breach.

Sometimes they start with a simple button employees avoid clicking.

“Restart to update.”

For users, restarting the browser feels inconvenient. They may have important tabs open, unfinished work, active dashboards, draft emails, or logged-in tools they do not want to lose. So the update waits.

But for the organization, that delay can create a real security gap.

Modern browsers receive regular updates because new vulnerabilities are constantly discovered and fixed. Chrome release notes frequently include security fixes, and Google notes that some bug details may remain restricted until most users have updated with the fix. That means an outdated browser is not just old software. It may be a browser still carrying known security weaknesses.

Browser Insights in Chrome Readiness Assessment helps teams see where this risk exists across the organization. Instead of hoping every user restarts their browser on time, IT and security teams can use Browser Version Overview, High-Risk Browsers, Device Security Status, and per-device insights to identify where outdated or risky browser versions need attention.

CEP Accelerator then helps connect those findings to Chrome Enterprise Premium capabilities that can strengthen browser-layer protection through policy enforcement, threat protection, context-aware access, URL controls, data protection, and centralized secure enterprise browsing.

Why browser updates are easy to delay 

Employees usually delay updates because they are busy, not because they ignore security.

A browser may stay open for days with multiple tabs, logged-in tools, reports, dashboards, and documents. Restarting feels like losing momentum, so users postpone it.

This creates a gap between when an update is available and when it is actually applied.

In a business environment, that gap matters. The browser is used for email, SaaS platforms, customer systems, internal portals, cloud storage, HR tools, finance platforms, and AI tools. When updates are delayed, sensitive work may continue through browser versions that are no longer aligned with the organization’s intended security posture.

The hidden risk of browser version drift 

The risk is not only one outdated browser.

The bigger issue is version drift across the fleet.

One team may be fully updated. Another may be several versions behind. Some employees may use secondary browsers that are not managed as closely. Some devices may continue handling sensitive sessions even when their browsers need updates.

From the outside, work continues normally.

But inside the browser environment, the organization may have a split security posture.

Some devices are protected by the latest fixes. Others are still waiting for restart. Some versions may carry avoidable exposure. Some may also appear alongside other risks such as unverified extensions or risky domain access.

That is the hidden security lag.

It is the time between “a fix exists” and “the fleet is actually protected by it.”

Why this matters for session security 

Enterprise work depends heavily on browser sessions.

A user signs in once and continues working across email, SaaS tools, internal dashboards, and cloud applications. If the browser is outdated, the session environment may be weaker than security teams expect.

This is why Browser Insights does more than show version numbers.

It helps connect browser versions to security posture. Devices Vulnerable to Session Theft can show where browser posture may create session-related exposure. High-Risk Browsers can highlight versions that need urgent review. Per-device insights help IT understand which machines are affected and whether other browser-level risks are also present.

Without that visibility, update management becomes guesswork.

With it, teams can prioritize the devices, users, or groups that need attention first.

Where Browser Insights adds value 

Browser Insights turns browser update risk into something visible.

Browser Version Overview gives IT a clear view of the browser version matrix across the organization. Instead of relying only on users to update on time, teams can see which versions are actually running across the fleet.

High-Risk Browsers help separate normal version differences from browsers that may need faster attention.

Device Security Status helps show where browser-level risk is already affecting device posture.

Per-device insights make the issue actionable. IT can drill into a specific device, review the browser version, check related browser activity, and understand whether other risks are present.

This changes the conversation from:

“Everyone should update.”

to:

“These devices and groups need attention first.”

Using CEP Accelerator to Prioritize Browser Version Risk

Browser Insights helps teams identify browser version, high-risk browsers, and devices vulnerable to session theft across the fleet.

CEP Accelerator then helps prioritize which findings should be addressed first, especially when outdated browsers are used on devices that access sensitive systems such as finance platforms, customer tools, or internal applications.

Chrome Enterprise Premium helps reduce this exposure with browser-layer protection such as policy enforcement, threat protection, context-aware access, URL controls, and data protection.

Together, this gives teams a clearer path: see the browser risk, prioritize the response, and strengthen protection where business work happens

FAQ

Why do browser update delays matter?

Browser updates often include security fixes. When users delay updates, browsers may continue handling sensitive business activity without the latest protections.

Is this only a Chrome issue?

No. Version drift can affect any browser environment. Browser Insights helps teams review browser versions and risk conditions across the organization.

Does Browser Insights force browser updates?

No. Browser Insights provides visibility into browser versions, high-risk browsers, device security status, and vulnerable devices. Update enforcement and browser policy decisions are handled through administration and management controls.

How does CEP Accelerator help?

CEP Accelerator helps connect Browser Insights findings to relevant Chrome Enterprise Premium capabilities, so teams can prioritize where stronger browser-layer protection should be applied first.

How does Chrome Enterprise Premium help?

Chrome Enterprise Premium helps organizations strengthen browser-layer protection with centralized management, policy enforcement, threat protection, context-aware access, URL controls, and data protection capabilities.

A delayed browser restart can become a security gap when outdated versions continue handling sensitive business work. Use Browser Insights in Chrome Readiness Assessment to identify browser version drift, high-risk browsers, and devices vulnerable to session theft, then use CEP Accelerator to connect those findings to Chrome Enterprise Premium capabilities that help strengthen browser-layer protection.

Hidden Browser Connections: Why Long-Running Web Sessions Need Visibility
June 9, 2026

Hidden Browser Connections: Why Long-Running Web Sessions Need Visibility

Not every browser risk looks like a phishing email, unsafe download, or blocked website.Sometimes, the browser simply stays connected.

Modern web apps often keep sessions open so dashboards, chat tools, and collaboration platforms can update in real time. Technologies like WebSockets make this possible by allowing two-way communication between a browser and a server.

Most of this activity is normal. The concern begins when long-running browser connections involve unknown, unsecured, or risky destinations.For security teams, the challenge is not only knowing that traffic happened. It is understanding the browser context behind it.

Which device was involved? Which browser was used? Which domain was accessed? How often did it happen? How long did the activity continue?

That is where Chrome Readiness Assessment can give teams a clearer view of browser activity across the organization.

Why this matters 

The browser is now where many employees do their daily work.

They use it to access SaaS platforms, internal systems, cloud storage, customer tools, dashboards, and AI applications. Many of these tools are designed to stay active while users work.

A live dashboard may keep refreshing. A chat app may stay connected all day. A web application may keep a background connection open between the browser and a server.

This is not automatically risky.

The risk begins when those connections go to destinations the organization does not fully know, trust, or control. Security guidance from OWASP also highlights that WebSocket-based applications need proper security controls, including authentication, authorization, origin checks, and message validation.

If a browser stays connected to an unknown or risky site, teams need enough context to decide whether it is normal business activity or something that needs review. 

Why it is hard to see 

Long-running browser activity may not create an obvious warning.

There may be no suspicious download, no blocked page, no malware alert, and no user complaint.

From a network view, it may look like normal encrypted traffic. From an endpoint view, the device may look fine.

But the browser may still be connected to a destination that deserves attention.

That is the visibility gap.

Security teams may know that internet activity happened, but still not know enough about the browser, domain, device, or usage pattern behind it. 

Where Chrome Readiness Assessment adds clarity 

Chrome Readiness Assessment gives teams a more organized way to review browser activity.

For this type of risk, the useful signals include browser usage, browser versions, risky or unsecured domains accessed, visit count, total usage time, affected devices, and device-level browser details.

This gives teams a better starting point.

If certain devices repeatedly spend time on unknown or unsecured destinations, teams can review whether that activity is expected or risky.If a browser version, device group, or domain keeps appearing in risky activity, teams can prioritize it more easily.

The goal is not to treat every long browser session as dangerous. The goal is to understand where browser risk may be building.

How Chrome Enterprise Premium supports protection 

Visibility is the first step. Stronger control is the next.

Chrome Enterprise Premium helps organizations strengthen protection at the browser layer, where users access business data, applications, and web services every day.

For long-running browser activity, relevant controls can include secure enterprise browsing, threat protection, URL filtering, data protection rules in Chrome, Data Loss Prevention, context-aware access, and browser policy enforcement.

This matters because not every browser connection should be blocked.

Some sessions are part of normal work. Others may involve risky destinations, unmanaged tools, or possible data exposure.

Within Browser Insights, CEP Accelerator helps connect these browser findings to relevant Chrome Enterprise Premium capabilities. This makes it easier for teams to decide where stronger browser-layer controls may be useful.

Instead of treating every browser signal the same way, teams can focus on the destinations, devices, and activity patterns that need attention first.

Why business leaders should care 

Long-running browser sessions are part of modern work, but they still need visibility when they involve unknown or risky destinations.

If employees use the browser to access company data, customer platforms, internal systems, and cloud tools, then browser activity must be part of the security conversation.

Chrome Readiness Assessment gives teams a clearer view of browser activity. CEP Accelerator helps connect important findings to Chrome Enterprise Premium capabilities. Chrome Enterprise Premium helps strengthen protection where users work every day.

FAQ 

Are long-running browser sessions always risky?

No. Many trusted business tools use long-running sessions for real-time updates. The risk depends on the destination, the data involved, and whether the organization has enough visibility.

Why can this be hard to monitor?

Because long-running browser activity can look like normal encrypted traffic. Without browser context, teams may not know which domain, device, browser, or usage pattern needs review.

What can Browser Insights show?

Browser Insights can show browser usage, versions, risky or unsecured domains, visit count, usage time, affected devices, and device-level browser details.

What does CEP Accelerator do?

CEP Accelerator connects Browser Insights findings to relevant Chrome Enterprise Premium capabilities, helping teams prioritize where stronger browser-layer controls may be useful.

Long-running browser sessions may look ordinary, but they can create risk when they connect to destinations the organization does not fully trust or understand. Use Browser Insights in Chrome Readiness Assessment to review browser activity, risky or unsecured domains, affected devices, visit count, and usage time, then use CEP Accelerator to connect those findings to Chrome Enterprise Premium capabilities that help strengthen browser-layer protection through URL filtering, threat protection, data protection, Data Loss Prevention, context-aware access, and browser policy enforcement.

Unverified Extensions: The Browser Add-ons Enterprises Often Overlook
June 8, 2026

Unverified Extensions: The Browser Add-ons Enterprises Often Overlook

Browser extensions are small tools that help users work faster. They can block ads, manage passwords, take screenshots, translate text, improve productivity, or connect to business apps.

But in an enterprise environment, extensions can also become a security blind spot.

The risk is not only about what an extension does. The bigger issue is whether the organization knows which extensions are installed, which ones are trusted, and which devices are using unverified or unmanaged add-ons.

Browser Insights helps teams identify extension exposure across the fleet. CEP Accelerator helps prioritize where action is needed. Chrome Enterprise Premium helps strengthen browser management and security controls.

Why unverified extensions create risk 

Employees often install extensions because they are convenient. A tool may look simple, useful, and harmless. But once installed, it becomes part of the browser environment where users access business apps, customer data, internal dashboards, cloud storage, and sensitive workflows.

Google’s own Chrome extension safety guidance highlights that Chrome can warn users about extensions suspected of malware, policy violations, unpublished extensions, extensions outside the Chrome Web Store, and extensions that have not clearly published their data practices.

That matters for enterprises because an extension does not need to look dangerous to create risk. It may be outdated, unsupported, unreviewed, installed from the wrong place, or simply unknown to IT.

The problem is simple:

If the business cannot see the extensions, it cannot properly manage the risk.

Why extension visibility matters 

Many organizations focus on devices, operating systems, and antivirus tools. But browser extensions often receive less attention.

This creates questions that security teams still need to answer:

  • Which extensions are installed across the fleet?

  • Which devices have unverified extensions?

  • Are the same extensions appearing across multiple departments?

  • Are users installing tools that are not approved?

  • Which devices should be reviewed first?

Without this visibility, extension risk becomes difficult to control.

Google’s Chrome Web Store policies also show why trust matters. The Chrome Web Store states that extensions which create security threats, access data beyond what is needed, mislead users, or abuse the store system can be removed.

For enterprises, this supports a clear point: extension trust should not be assumed automatically. 

How Browser Insights helps 

Browser Insights helps IT and security teams understand extension exposure across enterprise devices.

For this issue, the most useful signals include:

  • total extensions detected

  • verified vs unverified extensions

  • organization-wide extension inventory

  • devices with unverified extensions

  • per-device extension details

  • secure vs not secure device status

This helps teams quickly identify where extension risk is concentrated.

For example, if several devices show unverified extensions, the security team can review those devices first instead of manually checking every browser one by one.

Browser Insights turns extension visibility into something practical and measurable.

How Chrome Enterprise Premium helps 

Browser Insights shows the extension visibility gap. Chrome Enterprise Premium helps organizations strengthen browser-layer protection and control.

Chrome Enterprise Premium includes browser reporting, cloud-based management, extension security and management, safe browsing protections, security insights, data loss prevention, context aware access, and URL filtering.

For extension risk, this is important because the browser is where many enterprise workflows happen. If extensions are unmanaged, the browser environment becomes less predictable.

Chrome also provides enterprise controls to allow, block, or automatically install apps and extensions, helping organizations move from unknown extension usage to managed extension control.

Where CEP Accelerator adds value 

CEP Accelerator helps connect Browser Insights findings to a Chrome Enterprise Premium planning path.

It does not remove extensions by itself. It does not replace Chrome Enterprise Premium. Its role is to help teams understand which devices or extension risks should be prioritized first.

For example, CEP Accelerator can help teams move from:

“We have many extensions across the organization.”

to:

“These devices with unverified extensions should be reviewed and prioritized for stronger browser controls.”

This makes the security plan easier to explain and easier to act on.

Why this matters for business leaders 

Extensions may look small, but they operate inside the same browser users depend on for business work.

If unverified extensions are installed across enterprise devices, the organization may face higher risk around data exposure, unsafe browsing, weak visibility, and inconsistent browser control.

For business leaders, the message is simple:

Browser extensions should be treated as part of enterprise browser security, not just user convenience.

Browser Insights provides visibility. CEP Accelerator helps prioritize action. Chrome Enterprise Premium helps strengthen control.

FAQ

Are all browser extensions risky?

No. Many extensions are useful and safe. The risk comes from extensions that are unverified, unmanaged, unsupported, or not approved for business use.

What does Browser Insights show about extensions?

Browser Insights shows extension inventory, verified vs unverified extensions, affected devices, and per-device extension details.

Is this blog about extension permissions?

No. This blog focuses on extension visibility, trust, and control. Extension permissions were covered separately.

How does Chrome Enterprise Premium help?

Chrome Enterprise Premium helps strengthen browser security with browser reporting, extension management, security insights, threat protection, data protection, and policy controls.

Unverified extensions are easy to overlook because they look like small browser add-ons. But across an enterprise fleet, they can create a real visibility and control gap. Use Browser Insights in Chrome Readiness Assessment to identify extension exposure across devices, then use CEP Accelerator to prioritize Chrome Enterprise Premium controls that help strengthen browser security. 

Download the Setup for FreeCheck your browser risk score in 30 seconds