Skip to main content

A Framework for Analysing the Security of Chrome Extensions

  • Conference paper
Advanced Computing, Networking and Informatics- Volume 2

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 28))

Abstract

Google Chrome, the most popular web browser today, allows users to extend its functionality by means of extensions available in its own store or any third party website. Users can also develop their own extensions easily and add them to their browser. Vulnerabilities in browser extensions could be exploited by malicious websites to gain access to sensitive user data or to attack another website. A browser extension can also turn malicious and attack a website or steal user data. This paper proposes a framework which can be used by users and developers to analyse Chrome extensions. The technique presented here uses the permissions feature of chrome extensions and the flow of data through the extension’s JavaScript code to detect vulnerabilities in extensions and to check whether the extension could be malicious.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting Browsers from Extension Vulnerabilities. In: Proceedings of the 17th Network and Distributed System Security Symposium (2010)

    Google Scholar 

  2. Carlini, N., Felt, A.P., Wagner, D.: An evaluation of the google chrome extension security architecture. In: Proceedings of the 21st USENIX Conference on Security (2012)

    Google Scholar 

  3. Liu, L., Zhang, X., Yan, G., Chen, S.: Chrome Extensions: Threat Analysis and Countermeasures. In: Proceedings of the 19th Annual Network & Distributed System Security Symposium (2012)

    Google Scholar 

  4. Bandhakavi, S., King, S.T., Madhusudan, P., Winslett, M.: VEX: Vetting Browser Extensions For Security Vulnerabilities. In: Proceedings of the 19th USENIX Security Symposium (2010)

    Google Scholar 

  5. Chrome Extension Developer Guide, http://developer.chrome.com/extensions

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to V. Aravind .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Aravind, V., Sethumadhavan, M. (2014). A Framework for Analysing the Security of Chrome Extensions. In: Kumar Kundu, M., Mohapatra, D., Konar, A., Chakraborty, A. (eds) Advanced Computing, Networking and Informatics- Volume 2. Smart Innovation, Systems and Technologies, vol 28. Springer, Cham. https://doi.org/10.1007/978-3-319-07350-7_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-07350-7_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07349-1

  • Online ISBN: 978-3-319-07350-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics