
Page manager: Web editorial team
Page updated: 2012-09-11 15:12


After you, please: browser extensions order attacks and countermeasures

Article in scientific journal
Authors Pablo Picazo-Sanchez
J. Tapiador
Gerardo Schneider
Published in International Journal of Information Security
Pages 16
ISSN 1615-5262
Publication year 2019
Published at Institutionen för data- och informationsteknik (GU)
Institutionen för data- och informationsteknik, datavetenskap (GU)
Language en
Links dx.doi.org/10.1007/s10207-019-00481...
Keywords Web security, Privacy, Browser extensions, Malware, Chrome, Computer Science
Subject categories Computer science

Abstract

Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome's official extension repository has more than 63,000 extensions, with some of them having more than 10M users. When installed, extensions are pushed into an internal queue within the browser. The order in which each extension executes depends on a number of factors, including their relative installation times. In this paper, we demonstrate how this order can be exploited by an unprivileged malicious extension (i.e., one with no more permissions than those already assigned when accessing web content) to get access to any private information that other extensions have previously introduced. We propose a solution that does not require modifying the core browser engine, since it is implemented as another browser extension. We prove that our approach effectively protects the user against usual attackers (i.e., any other installed extension) as well as against strong attackers having access to the effects of all installed extensions (i.e., knowing who did what). We also prove soundness and robustness of our approach under reasonable assumptions.
