Abdullah Hassan Chaudhry (CISPA Helmholtz Center for Information Security), Valentino Dalla Valle (CISPA Helmholtz Center for Information Security), Aurore Fass (Inria Centre at Université Côte d’Azur)

Browser extension stores operate independently of each other and each have their own governance structure, creating a situation where threats identified on one platform can persist on others. We present the first cross-store analysis of security inconsistencies between the Chrome Web Store (CWS) and Edge Add-ons Store (EAS). We study extensions published on both stores, and discover 11 malicious extensions (affecting almost 134k users) that were present on the EAS, despite having already been removed from the CWS for containing malware. These extensions persisted on Edge for an average of 551 days (1.5 years) after their Chrome counterparts were removed for malware, with some even receiving updates during this period.

We additionally find that malicious extensions change their names and developer names more often than other extensions and that these changes are larger. We also examine extensions that have been reinstated after having been removed (e.g., for containing malware), revealing inconsistencies in extension store governance. These findings show that malicious actors can exploit the lack of coordination in an interconnected extension ecosystem.

View More Papers

MUTATO: Enhancing Fuzz Drivers with Adaptive API Option Mutation

Shuangxiang Kan (University of New South Wales), Xiao Cheng (Macquarie University), Yuekang Li (University of New South Wales)

Read More

PriMod4AI: Lifecycle-Aware Privacy Threat Modeling for AI Systems using...

Gautam Savaliya (Deggendorf Institute of Technology, Germany), Robert Aufschlager (Deggendorf Institute of Technology, Germany), Abhishek Subedi (Deggendorf Institute of Technology, Germany), Michael Heigl (Deggendorf Institute of Technology, Germany), Martin Schramm (Deggendorf Institute of Technology, Germany)

Read More