Browsers with extensions? How they steal the data

Malicious websites can exploit browser extension APIs to run code inside the browser and steal sensitive data, such as bookmarks, browsing history or even user cookies.

Of course, an attacker who has the cookies can identify the user's active sessions and gain access to sensitive accounts, such as email inboxes, social network profiles and so on.

In addition, the same APIs (we are always talking about extensions used by browsers) can be used to trigger the download of malicious files and store them on the user's device. Data can also be kept in an extension's storage and used later to track users across the web.

These types of attacks are no longer theoretical, having recently been demonstrated in a study published by Dolière Francis Somé, a researcher from the Université Côte d'Azur and INRIA, the French research institute.

Somé developed a tool and reviewed over 78,000 Chrome, Firefox and Opera extensions. He was able to identify 197 extensions that exposed internal API communication interfaces to web applications. This can give malicious websites access to data stored in a user's browser, data that should not normally be accessible.

| | Chrome | Firefox | Opera | Total |
|---|---|---|---|---|
| Extensions analyzed | 66,401 | 9,391 | 2,523 | 78,315 |
| Suspicious extensions | 3,303 | 483 | 210 | 3,996 |
| Execute code | 15 | 2 | 2 | 19 |
| Bypass SOP | 48 | 9 | 6 | 63 |
| Read cookies | 8 | - | - | 8 |
| Read browsing history | 40 | - | - | 1 |
| Read bookmarks | 37 | 1 | - | 38 |
| Get extensions installed | 33 | - | - | 33 |
| Store / retrieve data | 85 | 2 | 3 | 90 |
| Trigger downloads | 29 | 5 | 2 | 36 |
| Total of unique extensions | 171 | 16 | 10 | 197 |

The French researcher reports that he was surprised by the results, as only 15 (7.61%) of the 197 extensions were development tools, a category of extensions that usually have full control over what happens in a browser and are the kind of applications that must not have security holes.

About 55% of all extensions had fewer than 1,000 installations, but over 15% had more than 10,000.

Somé said he advised browser developers of his findings before publishing the survey to the public in early January.

"Everyone recognized the problems," Somé says. "Firefox has removed all the extensions I mentioned. Opera has also removed all extensions but there are 2 more that can be exploited to enable downloads."

"Chrome also recognized the problem. We are still discussing together the possible measures to be taken."

The researcher also created a tool that allows users to check whether their extensions contain vulnerable APIs that malicious websites can exploit. The tool is web-based and hosted on this page.

To use it, you will need to copy and paste the contents of the manifest.json file of the extension you are interested in.
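The kind of review a manifest.json makes possible, as an added example (this is not Somé's tool and not code from the article): it flags an extension only when a page-reachable entry point coexists with a capability from the table above. The mapping of permission names to table rows, the function name `auditManifest` and the sample manifest are assumptions of this example; a flag means "read the message handlers", not "exploitable".

```javascript
// Added example: heuristic manifest.json audit, not the researcher's tool.
// Assumption: permission names are mapped to the table's rows by this example.
const CAPABILITIES = new Map([
  ["cookies", "read cookies"],
  ["history", "read browsing history"],
  ["bookmarks", "read bookmarks"],
  ["management", "get extensions installed"],
  ["storage", "store / retrieve data"],
  ["downloads", "trigger downloads"],
]);
// Host patterns covering every site (extension code may then fetch cross-origin).
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const asList = (v) => (Array.isArray(v) ? v.filter((x) => typeof x === "string") : []);

function auditManifest(manifestText) {
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch (err) {
    return { error: "not valid JSON: " + err.message };
  }
  if (manifest === null || typeof manifest !== "object") return { error: "not a JSON object" };

  // Entry points a web page can reach: external messaging and injected content scripts.
  const webReachable = [];
  const external = asList(manifest.externally_connectable?.matches);
  if (external.length) webReachable.push({ via: "externally_connectable", patterns: external });
  for (const cs of Array.isArray(manifest.content_scripts) ? manifest.content_scripts : []) {
    const matches = asList(cs?.matches);
    if (matches.length) webReachable.push({ via: "content_scripts", patterns: matches });
  }

  // Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
  const declared = [manifest.permissions, manifest.optional_permissions, manifest.host_permissions].flatMap(asList);
  const capabilities = [...new Set(declared.filter((p) => CAPABILITIES.has(p)))].map((p) => CAPABILITIES.get(p));
  if (declared.some((p) => BROAD_HOSTS.has(p))) capabilities.push("cross-origin requests to any site");

  // Review only when a page-reachable entry point coexists with a sensitive capability.
  return { webReachable, capabilities, needsReview: webReachable.length > 0 && capabilities.length > 0 };
}

// Constructed sample manifest (hypothetical extension, not one from the study).
const SAMPLE_MANIFEST = JSON.stringify({
  manifest_version: 2, name: "sample-notes", version: "1.0",
  permissions: ["cookies", "downloads", "<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["relay.js"] }],
});
console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```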

Watch the videos published by the researcher

If you want to read more about Somé's work, "EmPoWeb: Empowering Web Applications with Extensions," you can download it as a PDF from here and here.


Written by giorgos
