Doublex: Statically detecting vulnerable data flows in browser extensions at scale
Browser extensions are popular to enhance users' browsing experience. By design, they
have access to security-and privacy-critical APIs to perform tasks that web applications …
have access to security-and privacy-critical APIs to perform tasks that web applications …
CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
Extensions complement web browsers with additional functionalities and also bring new
vulnerability venues, allowing privilege escalations from adversarial web pages to use …
vulnerability venues, allowing privilege escalations from adversarial web pages to use …
Mystique: Uncovering information leakage from browser extensions
Q Chen, A Kapravelos - Proceedings of the 2018 ACM SIGSAC …, 2018 - dl.acm.org
Browser extensions are small JavaScript, CSS and HTML programs that run inside the
browser with special privileges. These programs, often written by third parties, operate on …
browser with special privileges. These programs, often written by third parties, operate on …
Fingerprinting in style: Detecting browser extensions via injected style sheets
Browser extensions enhance the web experience and have seen great adoption from users
in the past decade. At the same time, past research has shown that online trackers can use …
in the past decade. At the same time, past research has shown that online trackers can use …
You've changed: Detecting malicious browser extensions through their update deltas
In this paper, we conduct the largest to-date analysis of browser extensions, by investigating
922,684 different extension versions collected in the past six years, and using this data to …
922,684 different extension versions collected in the past six years, and using this data to …
EmPoWeb: empowering web applications with browser extensions
DF Somé - 2019 IEEE Symposium on Security and Privacy (SP), 2019 - ieeexplore.ieee.org
Browser extensions are third party programs, tightly integrated to browsers, where they
execute with elevated privileges in order to provide users with additional functionalities …
execute with elevated privileges in order to provide users with additional functionalities …
Everyone is different: Client-side diversification for defending against extension fingerprinting
Browser fingerprinting refers to the extraction of attributes from a user's browser which can
be combined into a near-unique fingerprint. These fingerprints can be used to re-identify …
be combined into a near-unique fingerprint. These fingerprints can be used to re-identify …
Unnecessarily Identifiable: Quantifying the fingerprintability of browser extensions due to bloat
In this paper, we investigate to what extent the page modifications that make browser
extensions fingerprintable are necessary for their operation. We characterize page …
extensions fingerprintable are necessary for their operation. We characterize page …
Understanding worldwide private information collection on android
Mobile phones enable the collection of a wealth of private information, from unique
identifiers (eg, email addresses), to a user's location, to their text messages. This information …
identifiers (eg, email addresses), to a user's location, to their text messages. This information …