The Most Dangerous Code in your Browser
Paper in proceedings, 2015
Browser extensions are ubiquitous.
Yet, in today's browsers, extensions are the most dangerous code to user
Extensions are third-party code, like web applications, but run with
Even worse, existing browser extension systems give users a false sense
of security by considering extensions to be more trustworthy than web
This is because the user typically has to explicitly grant the extension
a series of permissions it requests, e.g., to access the current tab
or a particular website.
Unfortunately, extensions developers do not request minimum privileges
and users have become desensitized to install-time warnings.
Furthermore, permissions offered by popular browsers are very broad and
For example, over 71% of the top-500 Chrome extensions can trivially
leak the user's data from any site.
In this paper, we argue for new extension system design, based on
mandatory access control, that protects the user's privacy from
A system employing this design can enable a range of common extensions
to be considered safe, i.e., they do not require user
permissions and can be ensured to not leak information,
while allowing the user to share information when desired.
Importantly, such a design can make permission requests a rarity and
thus more meaningful.