Team for Research in
Ubiquitous Secure Technology

Citation
Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron Boodman. "Protecting Browsers from Extension Vulnerabilities". NDSS, 2010.

Abstract
Browser extensions are remarkably popular, with one in three Firefox users running at least one extension. Although well-intentioned, extension developers are often not security experts and write buggy code that can be exploited by malicious web site operators. In the Firefox extension system, these exploits are dangerous because extensions run with the user's full privileges and can read and write arbitrary files and launch new processes. In this paper, we analyze 25 popular Firefox extensions and find that 88% of these extensions need less than the full set of available privileges. Additionally, we find that 76% of these extensions use unnecessarily powerful APIs, making it difficult to reduce their privileges. We propose a new browser extension system that improves security by using least privilege, privilege separation, and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability. Our design has been adopted as the Google Chrome extension system.

Electronic downloads

• http://www.cs.berkeley.edu/~afelt/secureextensions.pdf

• HTML

  Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron
  Boodman. <a
  href="http://www.truststc.org/pubs/650.html"
  >Protecting Browsers from Extension
  Vulnerabilities</a>, NDSS, 2010.

• Plain text

  Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron
  Boodman. "Protecting Browsers from Extension
  Vulnerabilities". NDSS, 2010.

• BibTeX

  @inproceedings{BarthFeltSaxenaBoodman10_ProtectingBrowsersFromExtensionVulnerabilities,
      author = {Adam Barth and Adrienne Porter Felt and Prateek
                Saxena and Aaron Boodman},
      title = {Protecting Browsers from Extension Vulnerabilities},
      booktitle = {NDSS},
      year = {2010},
      abstract = {Browser extensions are remarkably popular, with
                one in three Firefox users running at least one
                extension. Although well-intentioned, extension
                developers are often not security experts and
                write buggy code that can be exploited by
                malicious web site operators. In the Firefox
                extension system, these exploits are dangerous
                because extensions run with the user's full
                privileges and can read and write arbitrary files
                and launch new processes. In this paper, we
                analyze 25 popular Firefox extensions and find
                that 88% of these extensions need less than the
                full set of available privileges. Additionally, we
                find that 76% of these extensions use
                unnecessarily powerful APIs, making it difficult
                to reduce their privileges. We propose a new
                browser extension system that improves security by
                using least privilege, privilege separation, and
                strong isolation. Our system limits the misdeeds
                an attacker can perform through an extension
                vulnerability. Our design has been adopted as the
                Google Chrome extension system.},
      URL = {http://www.truststc.org/pubs/650.html}
  }
  

Posted by Adrienne Porter Felt on 18 Feb 2010.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.