Abstract
Google Chrome, the most popular web browser today, allows users to extend its functionality by means of extensions available in its own store or any third party website. Users can also develop their own extensions easily and add them to their browser. Vulnerabilities in browser extensions could be exploited by malicious websites to gain access to sensitive user data or to attack another website. A browser extension can also turn malicious and attack a website or steal user data. This paper proposes a framework which can be used by users and developers to analyse Chrome extensions. The technique presented here uses the permissions feature of chrome extensions and the flow of data through the extension’s JavaScript code to detect vulnerabilities in extensions and to check whether the extension could be malicious.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting Browsers from Extension Vulnerabilities. In: Proceedings of the 17th Network and Distributed System Security Symposium (2010)
Carlini, N., Felt, A.P., Wagner, D.: An evaluation of the google chrome extension security architecture. In: Proceedings of the 21st USENIX Conference on Security (2012)
Liu, L., Zhang, X., Yan, G., Chen, S.: Chrome Extensions: Threat Analysis and Countermeasures. In: Proceedings of the 19th Annual Network & Distributed System Security Symposium (2012)
Bandhakavi, S., King, S.T., Madhusudan, P., Winslett, M.: VEX: Vetting Browser Extensions For Security Vulnerabilities. In: Proceedings of the 19th USENIX Security Symposium (2010)
Chrome Extension Developer Guide, http://developer.chrome.com/extensions
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Aravind, V., Sethumadhavan, M. (2014). A Framework for Analysing the Security of Chrome Extensions. In: Kumar Kundu, M., Mohapatra, D., Konar, A., Chakraborty, A. (eds) Advanced Computing, Networking and Informatics- Volume 2. Smart Innovation, Systems and Technologies, vol 28. Springer, Cham. https://doi.org/10.1007/978-3-319-07350-7_30
Download citation
DOI: https://doi.org/10.1007/978-3-319-07350-7_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07349-1
Online ISBN: 978-3-319-07350-7
eBook Packages: EngineeringEngineering (R0)