Abstract—A common characteristic of modern web browsers is that their functionality can be extended via third-party add-ons. In this paper we focus on Chrome extensions, to which the Chrome browser exports a rich API: extensions can potentially make network requests, access the local file system, get low-level information about running processes, etc. To guard against misuse, Chrome uses a permission system to curtail an extension’s privileges. We demonstrate a series of attacks by which extensions can steal data, track user behavior, and collude to elevate their privileges. Although some attacks have previously been reported, we show that subtler versions can easily be devised that are less likely to be prevented by proposed defenses and c...
Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the web. Among ...
Web browsers have become the predominant means for developing and deploying applications, and thus t...
Even though their architecture relies on robust security principles, it is well-known that poor prog...
The widely popular browser extensions now become one of the most commonly used malware attack vector...
Browser extensions boost the browsing experience by a range of features from automatic translation a...
Browser extensions are ubiquitous.Yet, in today\u27s browsers, extensions are the most dangerous cod...
Browser extensions enhance the functionality of native Web applications on the client side. They pro...
This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS). We lever...
Browser extensions are small applications executed in the browser context that provide additional ca...
Browser extensions provide a powerful platform to enrich browsing experience. At the same time, they...
Browser extensions enable rich experience for the users of today\u27s web. Beingdeployed with elevat...
Unsafely coded browser extensions can compromise the security of a browser, making them attractive t...
Even though their architecture relies on robust security principles, it is well-known that poor prog...
Abstract. Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the w...
Client-side attacks against web sessions are a real concern for many applications. Realizing protect...
Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the web. Among ...
Web browsers have become the predominant means for developing and deploying applications, and thus t...
Even though their architecture relies on robust security principles, it is well-known that poor prog...
The widely popular browser extensions now become one of the most commonly used malware attack vector...
Browser extensions boost the browsing experience by a range of features from automatic translation a...
Browser extensions are ubiquitous.Yet, in today\u27s browsers, extensions are the most dangerous cod...
Browser extensions enhance the functionality of native Web applications on the client side. They pro...
This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS). We lever...
Browser extensions are small applications executed in the browser context that provide additional ca...
Browser extensions provide a powerful platform to enrich browsing experience. At the same time, they...
Browser extensions enable rich experience for the users of today\u27s web. Beingdeployed with elevat...
Unsafely coded browser extensions can compromise the security of a browser, making them attractive t...
Even though their architecture relies on robust security principles, it is well-known that poor prog...
Abstract. Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the w...
Client-side attacks against web sessions are a real concern for many applications. Realizing protect...
Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the web. Among ...
Web browsers have become the predominant means for developing and deploying applications, and thus t...
Even though their architecture relies on robust security principles, it is well-known that poor prog...