Team for Research in
Ubiquitous Secure Technology

Protecting Browsers from Extension Vulnerabilities
Adrienne Porter Felt

Citation
Adrienne Porter Felt. "Protecting Browsers from Extension Vulnerabilities". Talk or presentation, 10, November, 2010.

Abstract
Browser extensions are remarkably popular, with one in three Firefox users running at least one extension. Although well-intentioned, extension developers are often not security experts and write buggy code that can be exploited by malicious web site operators. In the Firefox extension system, these exploits are dangerous because extensions run with the user's full privileges and can read and write arbitrary files and launch new processes. In this paper, we analyze 25 popular Firefox extensions and find that 88% of these extensions need less than the full set of available privileges. Additionally, we find that 76% of these extensions use unnecessarily powerful APIs, making it difficult to reduce their privileges. We propose a new browser extension system that improves security by using least privilege, privilege separation, and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability. Our design has been adopted as the Google Chrome extension system.

Electronic downloads

Citation formats  
  • HTML
    Adrienne Porter Felt. <a
    href="http://www.truststc.org/pubs/764.html"
    ><i>Protecting Browsers from Extension
    Vulnerabilities</i></a>, Talk or presentation, 
    10, November, 2010.
  • Plain text
    Adrienne Porter Felt. "Protecting Browsers from
    Extension Vulnerabilities". Talk or presentation,  10,
    November, 2010.
  • BibTeX
    @presentation{Felt10_ProtectingBrowsersFromExtensionVulnerabilities,
        author = {Adrienne Porter Felt},
        title = {Protecting Browsers from Extension Vulnerabilities},
        day = {10},
        month = {November},
        year = {2010},
        abstract = {Browser extensions are remarkably popular, with
                  one in three Firefox users running at least one
                  extension. Although well-intentioned, extension
                  developers are often not security experts and
                  write buggy code that can be exploited by
                  malicious web site operators. In the Firefox
                  extension system, these exploits are dangerous
                  because extensions run with the user's full
                  privileges and can read and write arbitrary files
                  and launch new processes. In this paper, we
                  analyze 25 popular Firefox extensions and find
                  that 88% of these extensions need less than the
                  full set of available privileges. Additionally, we
                  find that 76% of these extensions use
                  unnecessarily powerful APIs, making it difficult
                  to reduce their privileges. We propose a new
                  browser extension system that improves security by
                  using least privilege, privilege separation, and
                  strong isolation. Our system limits the misdeeds
                  an attacker can perform through an extension
                  vulnerability. Our design has been adopted as the
                  Google Chrome extension system.},
        URL = {http://www.truststc.org/pubs/764.html}
    }
    

Posted by Larry Rohrbough on 7 Dec 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.