Extension breakdown: Security analysis of browsers extension resources control policies

Sanchez-Rola, Iskander; Santos, Igor; Balzarotti, Davide
USENIX 2017, 26th USENIX Security Symposium, August 16-18, 2017, Vancouver, BC, Canada

All major web browsers support browser extensions to add new features and extend their functionalities. Nevertheless, browser extensions have been the target of several attacks due to their tight relation with the browser environment. As a consequence, extensions have been abused in the past for malicious tasks such as private information gathering, browsing history retrieval, or passwords theft — leading to a number of severe targeted attacks. Even though no protection techniques existed in the past to secure extensions, all browsers now implement defensive countermeasures that, in theory, protect extensions and their resources from third party access. In this paper, we present two attacks that bypass these control techniques in every major browser family, enabling enumeration attacks against the list of installed extensions. In particular, we present a timing side-channel attack against the access control settings and an attack that takes advantage of poor programming practice, affecting a large number of Safari extensions. Due to the harmful nature of our findings, we also discuss possible countermeasures against our own attacks and reported our findings and countermeasures to the different actors involved. We believe that our study can help secure current implementations and help developers to avoid similar attacks in the future. 

Sécurité numérique
Eurecom Ref:
Copyright Usenix. Personal use of this material is permitted. The definitive version of this paper was published in USENIX 2017, 26th USENIX Security Symposium, August 16-18, 2017, Vancouver, BC, Canada
and is available at :

PERMALINK : https://www.eurecom.fr/publication/5316