Chrome Extensions: Threat Analysis and Countermeasures

Author(s): Lei Liu, Xinwen Zhang, Guanhua Yan and Songqing Chen

Download: Paper (PDF)

Date: 8 Feb 2012

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2012

Abstract:

The Chrome browser employs least privileges and privilege separation principles to protect malicious websites from damaging the browser system via extensions. In this work we reveal that Chrome’s extension security model is not a panacea for all possible attacks with browser extensions. We demonstrated attack scenarios from malicious browser extensions and proposed a few countermeasures accordingly.