Chrome Extensions: Threat Analysis and Countermeasures
Download: Paper (PDF)
Date: 8 Feb 2012
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2012
The Chrome browser employs least privileges and privilege separation principles to protect malicious websites from damaging the browser system via extensions. In this work we reveal that Chrome’s extension security model is not a panacea for all possible attacks with browser extensions. We demonstrated attack scenarios from malicious browser extensions and proposed a few countermeasures accordingly.