Browsers with extensions? How they steal the data

Malicious websites can exploit the extension APIs of browsers to run code inside the browser and steal sensitive information, such as bookmarks, browsing history, or even users' cookies.

Of course, an attacker with cookies can capture the user's active sessions and access sensitive accounts such as email inboxes, social profiles, or bank accounts.

In addition, the same extension APIs can be used to have malicious files downloaded and stored on the user's device. Data written to an extension's storage can later be used to track users across the web.

These types of attacks are no longer theoretical, as they were recently proven in a study published by Dolière Francis Somé, a researcher from the Université Côte d'Azur and INRIA, the French research institute.

Somé developed a tool and examined over 78,000 extensions for Chrome, Firefox and Opera. He identified 197 extensions that exposed their internal API communication interfaces to web applications. This can give malicious websites access to data stored in a user's browser, data that should normally not be accessible to them.

| | Chrome | Firefox | Opera | Total |
|---|---|---|---|---|
| Analyzed | 66,401 | 9,391 | 2,523 | 78,315 |
| Suspicious extensions | 3,303 | 483 | 210 | 3,996 |
| Execute code | 15 | 2 | 2 | 19 |
| Bypass SOP | 48 | 9 | 6 | 63 |
| Read cookies | 8 | - | - | 8 |
| Read browsing history | 40 | - | - | 40 |
| Read bookmarks | 37 | 1 | - | 38 |
| Get extensions installed | 33 | - | - | 33 |
| Store / retrieve data | 85 | 2 | 3 | 90 |
| Trigger downloads | 29 | 5 | 2 | 36 |
| Total of unique extensions | 171 | 16 | 10 | 197 |

The French researcher reports that he was surprised by the results, as only 15 (i.e. 7.61%) of the 197 extensions were development tools, a category of extensions that usually have complete control over what happens in a browser and are among the applications that should not have security holes.

About 55% of all extensions had fewer than 1,000 installations, but over 15% had more than 10,000.

Somé said he informed browser developers of his findings before publishing the study in early January.

"Everyone recognized the problems," Somé says. "Firefox has removed all the extensions I mentioned. Opera has also removed all extensions but there are 2 more that can be exploited to enable downloads."

"Chrome also recognized the problem. We are still discussing together the possible measures to be taken."

The researcher also created a tool that allows users to check whether their extensions contain vulnerable APIs that malicious websites can exploit. The tool is web-based and hosted on this page.

To use it, you'll need to copy-paste the contents of the manifest.json file of the extension you are interested in.
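A rough version of such a manifest check, as an added example (not Somé's tool, which is not reproduced on this page): it reads only standard manifest keys (`permissions`, `content_scripts`, `externally_connectable`) and flags extensions that combine privileged APIs with a messaging surface reachable from any website. The function name, the permission-to-capability mapping and the sample manifest are assumptions made for illustration.

```javascript
// Added example: manifest-only triage, not the researcher's tool.
// Maps manifest permissions to the capability rows in the table above.
const CAPABILITIES = new Map([
  ["cookies", "Read cookies"],
  ["history", "Read browsing history"],
  ["bookmarks", "Read bookmarks"],
  ["management", "Get extensions installed"],
  ["storage", "Store / retrieve data"],
  ["downloads", "Trigger downloads"],
]);
// Match patterns that cover every website.
const ANY_SITE = /^(<all_urls>|(\*|https?):\/\/\*\/\*)$/;
const surface = (kind, patterns) =>
  ({ kind, patterns, anySite: patterns.some((p) => ANY_SITE.test(p)) });

function auditManifest(manifestText) {
  const m = JSON.parse(manifestText);
  const perms = [m.permissions, m.optional_permissions, m.host_permissions]
    .flatMap((list) => (Array.isArray(list) ? list : []))
    .filter((p) => typeof p === "string");

  const surfaces = [];
  // Content scripts share the DOM with the page, so the page can send them
  // messages (e.g. window.postMessage) that they may relay to the background.
  for (const cs of m.content_scripts || []) {
    surfaces.push(surface("content_script", cs.matches || []));
  }
  // externally_connectable lists pages allowed to message the extension directly.
  const ext = (m.externally_connectable || {}).matches || [];
  if (ext.length) surfaces.push(surface("externally_connectable", ext));

  const capabilities = perms.filter((p) => CAPABILITIES.has(p))
    .map((p) => CAPABILITIES.get(p));
  // Host access to all sites lets extension code make cross-origin requests.
  if (perms.some((p) => ANY_SITE.test(p))) capabilities.push("Bypass SOP");

  // Heuristic: privileged APIs plus a surface reachable from any website
  // means the extension's message handlers deserve a manual review.
  const review = capabilities.length > 0 && surfaces.some((s) => s.anySite);
  return { surfaces, capabilities, review };
}

// Constructed sample manifest (not a real extension).
const SAMPLE = JSON.stringify({
  name: "constructed-sample", version: "1.0", manifest_version: 2,
  permissions: ["cookies", "downloads", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
});
console.log(auditManifest(SAMPLE));
```

A `review: true` result is only a prompt to read the extension's message-handling code; the manifest alone cannot show whether a handler actually forwards page-supplied input to a privileged API.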

Watch the videos published by the researcher

If you want to read more about Somé's work, the paper "EmPoWeb: Empowering Web Applications with Browser Extensions" can be downloaded as a PDF from here and here.


Written by giorgos
