Article

The most dangerous code in the browser

Authors:

Alejandro Russo,

Deian StefanAuthors Info & Claims

HOTOS'15: Proceedings of the 15th USENIX conference on Hot Topics in Operating Systems

Page 23

Published: 18 May 2015 Publication History

Abstract

Browser extensions are ubiquitous. Yet, in today's browsers, extensions are the most dangerous code to user privacy. Extensions are third-party code, like web applications, but run with elevated privileges. Even worse, existing browser extension systems give users a false sense of security by considering extensions to be more trustworthy than web applications. This is because the user typically has to explicitly grant the extension a series of permissions it requests, e.g., to access the current tab or a particular website. Unfortunately, extensions developers do not request minimum privileges and users have become desensitized to install-time warnings. Furthermore, permissions offered by popular browsers are very broad and vague. For example, over 71% of the top-500 Chrome extensions can trivially leak the user's data from any site. In this paper, we argue for new extension system design, based on mandatory access control, that protects the user's privacy from malicious extensions. A system employing this design can enable a range of common extensions to be considered safe, i.e., they do not require user permissions and can be ensured to not leak information, while allowing the user to share information when desired. Importantly, such a design can make permission requests a rarity and thus more meaningful.

References

[1]

Adblock Plus - surf the web without annoying ads! https://adblockplus.org/, 2012. Visited April 21, 2015.

[2]

LastPass password manager. https://lastpass.com/, 2012. Visited April 21, 2015.

[3]

Google dictionary. https://chrome.google.com/webstore/detail/google-dictionary-by-goog/mgijmajocgfcbeboacabfgobmjgjcoja, 2015. Visited April 21, 2015.

[4]

Reddit enhancement suite. http://redditenhancementsuite.com/, 2015. Visited April 21, 2015.

[5]

Adam Barth. The web origin concept. https://tools.ietf.org/html/rfc6454, 2011. Visited April 21, 2015.

[6]

Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman. Protecting browsers from extension vulnerabilities. In NDSS, 2010.

[7]

BBC. Google purges bad extensions from Chrome. http://www.bbc.com/news/technology-32206511, 2015. Visited April 21, 2015.

[8]

Nicholas Carlini, Adrienne Porter Felt, and David Wagner. An evaluation of the google chrome extension security architecture. In Security. USENIX, 2012.

[9]

Mohan Dhawan and Vinod Ganapathy. Analyzing information flow in JavaScript-based browser extensions. In ACSAC, 2009.

[10]

Evernote. Evernote web clipper. https://chrome.google.com/webstore/detail/evernote-web-clipper/pioclpoplcdbaefihamjohnefbikjilc, 2015. Visited April 21, 2015.

[11]

Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, David Wagner, et al. How to ask for permission. In HotSec. USENIX, 2012.

[12]

Adrienne Porter Felt, Kate Greenwood, and David Wagner. The effectiveness of application permissions. In WebApps'11. USENIX, 2011.

[13]

Google. Declare permissions. https://developer.chrome.com/extensions/declare_permissions, 2014. Visited April 21, 2015.

[14]

Google. Chrome Web Store - Extensions. https://chrome.google.com/webstore/category/extensions?_sort=1, 2015. Visited April 21, 2015.

[15]

Google. Google mail checker. https://chrome.google.com/webstore/detail/google-mail-checker/mihcahmgecmbnbcchbopgniflfhgnkff, 2015. Visited April 21, 2015.

[16]

Arjun Guha, Matthew Fredrikson, Benjamin Livshits, and Nikhil Swamy. Verified security for browser extensions. In Security and Privacy. IEEE, 2011.

[17]

Norm Hardy. The confused deputy: (or why capabilities might have been invented). ACM SIGOPS OS Review, 22(4):36-38, 1988.

[18]

Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. Hulk: Eliciting malicious behavior in browser extensions. In Security. USENIX, 2014.

[19]

Butler W. Lampson. A note on the confinement problem. Communications of the ACM, 16(10):613-615, 1973.

[20]

Petr Marchenko, Ulfar Erlingsson, and Brad Karp. Keeping sensitive data in browsers safe with Script-Police. Technical Report RN/13/02, UCL, January 2013.

[21]

Niels Provos, Markus Friedl, and Peter Honeyman. Preventing privilege escalation. In Security. USENIX, 2003.

[22]

Alex Russell and Jungkee Song. Service workers. http://www.w3.org/TR/service-workers/, 2014. Visited April 21, 2015.

[23]

Jerome H Saltzer and Michael D Schroeder. The protection of information in computer systems. IEEE, 63(9), 1975.

[24]

S. W. Smith. Humans in the loop: Human-computer interaction and security. IEEE Security and Privacy, 1(3), May 2003.

[25]

Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, and David Mazières. Protecting users by confining JavaScript with COWL. In OSDI. USENIX, 2014.

[26]

Kurt Thomas, Elie Bursztein, Chris Grierand Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, and Moheeb Abu Rajab. Ad injection at scale: Assessing deceptive advertisement modifications. In Security and Privacy. IEEE, 2015. To appear.

[27]

Anne van Kesteren and Maciej Stachowiak. HTML design principles. http://www.w3.org/TR/html-design-principles, 2007. Visited April 21, 2015.

[28]

Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. Making information flow explicit in HiStar. In OSDI. USENIX, 2006.

[29]

Michal Zelwski. Browser security handbook, part 2. http://code.google.com/p/browsersec/wiki/Part2, 2009. Visited April 21, 2015.

Cited By

Weissbacher MMariconti ESuarez-Tangil GStringhini GRobertson WKirda E(2017)Ex-RayProceedings of the 33rd Annual Computer Security Applications Conference10.1145/3134600.3134632(590-602)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3134600.3134632
Lyu MSherratt DSivanathan AGharakheili HRadford ASivaraman VNoubir GConti MKasera S(2017)Quantifying the reflective DDoS attack capability of household IoT devicesProceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3098243.3098264(46-51)Online publication date: 18-Jul-2017
https://dl.acm.org/doi/10.1145/3098243.3098264
Tsalis NMylonas ANisioti AGritzalis DKatos V(2017)Exploring the protection of private browsing in desktop browsersComputers and Security10.1016/j.cose.2017.03.00667:C(181-197)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.03.006
Show More Cited By

Index Terms

The most dangerous code in the browser
1. Security and privacy
  1. Systems security
    1. Operating systems security

Index terms have been assigned to the content through auto-classification.

Recommendations

Browser wars: Metaphor, Web browser, Microsoft, Internet Explorer, Netscape, Netscape Navigator, Mozilla Firefox, Google Chrome, Safari (web browser), Opera (web browser), Usage share of web browsers
Exploiting Android Browser
Cryptology and Network Security
Abstract
Android permission is a system of safeguards designed to restrict access to potentially sensitive data and privileged components. While third-party applications are restricted from accessing privileged resources without appropriate permissions, ...
Memoirs of a browser: a cross-browser detection model for privacy-breaching extensions
ASIACCS '12: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

HOTOS'15: Proceedings of the 15th USENIX conference on Hot Topics in Operating Systems

May 2015

29 pages

Editor:
George Candea
École Polytechnique Fédérale de Lausanne

Sponsors

Google Inc.
Microsoft Research: Microsoft Research
HP: HP

Publisher

USENIX Association

United States

Publication History

Published: 18 May 2015

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Weissbacher MMariconti ESuarez-Tangil GStringhini GRobertson WKirda E(2017)Ex-RayProceedings of the 33rd Annual Computer Security Applications Conference10.1145/3134600.3134632(590-602)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3134600.3134632
Lyu MSherratt DSivanathan AGharakheili HRadford ASivaraman VNoubir GConti MKasera S(2017)Quantifying the reflective DDoS attack capability of household IoT devicesProceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3098243.3098264(46-51)Online publication date: 18-Jul-2017
https://dl.acm.org/doi/10.1145/3098243.3098264
Tsalis NMylonas ANisioti AGritzalis DKatos V(2017)Exploring the protection of private browsing in desktop browsersComputers and Security10.1016/j.cose.2017.03.00667:C(181-197)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1016/j.cose.2017.03.006
Xu MJang YXing XKim TLee WRay ILi NKruegel C(2015)UCognitoProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security10.1145/2810103.2813716(438-449)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2810103.2813716
Hausknecht DMagazinius JSabelfeld A(2015)May I? - Content Security Policy Endorsement for Browser ExtensionsProceedings of the 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 914810.1007/978-3-319-20550-2_14(261-281)Online publication date: 9-Jul-2015
https://dl.acm.org/doi/10.1007/978-3-319-20550-2_14

View Options

View options

Media

Figures

Other

Tables

View Table of Contents