Fine-Grained Detection of Privilege Escalation Attacks on Browser Extensions

Calzavara, Stefano; Bugliesi, Michele; Crafa, Silvia; Steffinlongo, Enrico

doi:10.1007/978-3-662-46669-8_21

Cited by 11 publications

(8 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A core of λ-JS was also the language chosen by Calzavara et al [23] to design a sound static analysis to detect privilege escalation attacks on browser extensions, where malicious or compromised extension components abuse the message passing interface available to them to unduly gain access to securitysensitive functionalities. The static analysis was implemented in a prototype analyser for Google Chrome extensions, called CHEN.…”

Section: λ-Js and S5mentioning

confidence: 99%

Formal methods for web security

Bugliesi

Calzavara

Focardi

2017

Journal of Logical and Algebraic Methods in Programming

Self Cite

View full text Add to dashboard Cite

In the last few years, many security researchers proposed to endow the web platform with more rigorous foundations, thus allowing for a precise reasoning on web security issues. Given the complexity of the Web, however, research efforts in the area are scattered around many different topics and problems, and it is not easy to understand the import of formal methods on web security so far. In this survey we collect, classify and review existing proposals in the area of formal methods for web security, spanning many different topics: JavaScript security, browser security, web application security, and web protocol analysis. Based on the existing literature, we discuss recommendations for researchers working in the area to ensure their proposals have the right ingredients to be amenable for a large scale adoption

show abstract

Section: λ-Js and S5mentioning

confidence: 99%

Formal methods for web security

Bugliesi

Calzavara

Focardi

2017

Journal of Logical and Algebraic Methods in Programming

Self Cite

View full text Add to dashboard Cite

show abstract

“…Due to their privileged position in browsers, it is well understood that extensions pose serious security and privacy threats to user data [7], [8], [9], [10], [11], [12], [13]. Therefore, in order to limit extensions capabilities, a mandatory permission system requires that extensions explicitly declare the set of APIs they effectively need to access.…”

Section: Introductionmentioning

confidence: 99%

“…Besides, a benign (non-malicious) extension can be buggy, allowing adversaries to exploit its vulnerabilities in order to get access to user sensitive data. One type of adversary that can exploit such vulnerabilities in extensions is the web attacker [9], [10], [13]. Indeed for security reasons, extensions and web applications execute in different and isolated contexts.…”

Section: Introductionmentioning

confidence: 99%

“…Bandhakavi et al [9] and Carlini et al [10] found that a few extensions manipulate data extracted from webpages without sanitization, leading to privileged escalations, because such data can be influenced by a web attacker. Calzavara et al [13] found that message passing APIs can be abused for privilege escalation, and formally characterized the privileges that be exploited by a web attacker.…”

Section: Introductionmentioning

confidence: 99%

“…Similarly to those studies, our threat model considers the web application as the attacker. Specifically, we seek to study at large scale, the security and privacy implications of message passing APIs [13] among extensions in the wild, whether there are extensions that can be exploited by web applications to access sensitive user information. For instance, an extension can set up an interface (register a listener) to receive from web applications, messages consisting of the URL of a resource (data) hosted by another web application.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

EmPoWeb: Empowering Web Applications with Browser Extensions

Somé

2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Browser extensions are third party programs, tightly integrated to browsers, where they execute with elevated privileges in order to provide users with additional functionalities. Unlike web applications, extensions are not subject to the Same Origin Policy (SOP) and therefore can read and write user data on any web application. They also have access to sensitive user information including browsing history, bookmarks, credentials (cookies) and list of installed extensions. They have access to a permanent storage in which they can store data as long as they are installed in the user's browser. They can trigger the download of arbitrary files and save them on the user's device.For security reasons, browser extensions and web applications are executed in separate contexts. Nonetheless, in all major browsers, extensions and web applications can interact by exchanging messages. Through these communication channels, a web application can exploit extension privileged capabilities and thereby access and exfiltrate sensitive user information.In this work, we analyzed the communication interfaces exposed to web applications by Chrome, Firefox and Opera browser extensions. As a result, we identified many extensions that web applications can exploit to access privileged capabilities. Through extensions' APIS, web applications can bypass SOP and access user data on any other web application, access user credentials (cookies), browsing history, bookmarks, list of installed extensions, extensions storage, and download and save arbitrary files in the user's device.Our results demonstrate that the communications between browser extensions and web applications pose serious security and privacy threats to browsers, web applications and more importantly to users. We discuss countermeasures and proposals, and believe that our study and in particular the tool we used to detect and exploit these threats, can be used as part of extensions review process by browser vendors to help them identify and fix the aforementioned problems in extensions.

show abstract

JTaint: Finding Privacy-Leakage in Chrome Extensions

Xie

et al. 2020

Information Security and Privacy

View full text Add to dashboard Cite

Fine-Grained Detection of Privilege Escalation Attacks on Browser Extensions

Cited by 11 publications

References 27 publications

Formal methods for web security

Formal methods for web security

EmPoWeb: Empowering Web Applications with Browser Extensions

JTaint: Finding Privacy-Leakage in Chrome Extensions

Contact Info

Product

Resources

About