Adrienne, along with Nicholas Carlini and David Wagner (Adrienne’s advisor), released “An Evaluation of the Google Chrome Extension Security Architecture.” In February of this year, my suspicion was justified. “Vulnerabilities in browser extensions put users at risk by providing a way for website and network attackers to gain access to users’ private data and credentials.” Déjà vu struck when I read that. In 2009, I wrote about Firefox having the same problem. Privilege separation: Extensions are built from two types of components, which are isolated from each other - content scripts and extension cores. Porter Felt: In 2009, Google Chrome introduced a new extension platform with several features intended to prevent and mitigate extension vulnerabilities: Before we get to your latest paper, would you bring us up to speed on the security features implemented in the Chrome extension system? Well, I could see it was time to call Adrienne and see what’s up. Content scripts interact with websites and execute with no privileges. Permissions: Each extension comes packaged with a list of permissions, which govern access to the browser APIs and web domains. Isolated worlds: Content scripts can read and modify website content, but content scripts and websites have separate program heaps so websites cannot access content scripts’ functions or variables. Extension cores do not directly interact with websites and execute with the extension’s full privileges. Kassner: You reviewed 100 Chrome extensions: If an extension has a core vulnerability, the attacker will only gain access to the permissions the vulnerable extension already has. Why is it important to make sure extensions are not vulnerable? The set of vulnerable extensions includes 7 extensions with more than 300,000 users each.” “27 of the 100 extensions contain one or more vulnerabilities, for a total of 51 vulnerabilities.
Porter Felt: Extensions are fairly powerful - they can read users’ browsing history, passwords, email, etc. Kassner: Could you briefly explain how you determined if an extension was vulnerable? If an attacker compromises an extension, the attacker can get access to this personal information, too. Porter Felt: I worked with a fantastic undergraduate student at Cal named Nicholas Carlini. First, he would exercise the user interfaces of the extensions while monitoring their network traffic. Then, he read and searched through the extensions’ source code to find any attacks. I then reviewed each of the potential vulnerabilities to ensure they were real. We then built attacks to demonstrate the vulnerabilities truly existed. Kassner: The paper seems particularly concerned about extension-core vulnerabilities. Porter Felt: The “core” is the most powerful part of the extension, so a vulnerability in an extension core yields the most privileges to an attacker. The extension core includes invisible background code, options, and any other HTML the extension provides.