New KnowBe4 Feature: Vulnerable Browser Plugin Detection

How Can I See If My Users Have Vulnerable Browser Plugins Installed?

Within your console, you can automatically detect what vulnerable plugins any clickers on your phishing tests have installed in their browsers. This feature is enabled as part of our Platinum subscription level.

How does it work?

Information about vulnerable plugins your users have installed on their browsers is automatically gathered during a phishing campaign. When a user fails and clicks on your phishing test, they arrive on our landing page which will gather information on what plugins are installed on that user's browser. We look at the results and compare them to a database of known vulnerable plugins and report it back to you.

Overview Screen: Vulnerable Plugins


Where can I see the list of vulnerable plugins my users have?

Any browser plugins found to be vulnerable will be provided in the results of your phishing test. Beneath an individual phishing campaign, you can click on the Users tab to drill down into the detailed results of that test. The tab titled Vulnerable Plugins will show how many users were found to have vulnerable browser plugins installed. You can click on the red "plug" (all the way to the right) to see the plugin info.

Detailed Phishing Reports: Vulnerable Plugins


Clicking on this red plug icon at the right gives you a detailed list of what vulnerable plugins a user has installed. This view will also provide a link to any additional information we can provide about that vulnerable plugin.

Example of Detailed Report Showing Vulnerable Plugins

plugin_details.pngThe detailed reports will also show additional information about other plugins detected in that user's browser, including potentially vulnerable plugins, unknown plugins, or plugins updated to the latest known version. 

Example of Detailed Report Showing Potentially Vulnerable Plugins


From the All Users tab beneath Users, you can click on any individual user's email address to review their browser vulnerabilities as well. Once you are within an individual user's reports page, you will be able to see a red plug icon if any browser vulnerabilities were detected when they failed your phishing test. Clicking on the red plug icon will allow you to view a list of vulnerable or potentially vulnerable browser plugins detected for that user.


What if I don't see any vulnerable plugins listed despite my phishing test having lots of clickers?

The vulnerable browser plugin information provided is not a 100% audit of your users' browser vulnerabilities. There may be instances where no vulnerable plugins are detected despite having plenty of clicks on a phishing campaign. For example, if a user has the plugins turned off, or if they are using a different browser which does not appear to have vulnerable browser plugins installed. 

NOTE: This feature is part of the Platinum subscription level. Existing Platinum users will see this now in their console. If you do not see this, contact your Reseller or Customer Success Manager.

If you aren't a KnowBe4 customer yet, find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote

Topics: IT Security

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews