DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication
Paper in proceedings, 2022

Browser extensions are popular web applications that users install in modern browsers to enrich the user experience on the web. It is common for browser extensions to include static resources in the form of HTML, CSS, fonts, images, and JavaScript libraries. Unfortunately, the state of the art is that each extension ships its own version of a given resource. This paper presents DeDup.js, a framework that incorporates similarity analysis to achieve two goals: detecting potentially malicious extensions during the approval process, and, given an extension as input, discovering similar extensions. We downloaded three snapshots of the Google Chrome Web Store during one year, totaling more than 422k browser extensions, and conclude that over 50% of the static resources are shared among the extensions. By implementing an instance of DeDup.js, we detect more than 7k extensions that should not have been published and were later deleted. We also discover more than 1k malicious extensions still online that send users' queries to external servers without the users' knowledge. Finally, we show the potential of DeDup.js by analyzing a set of extensions that are part of CacheFlow, a recently discovered attack. We detect 53 malicious extensions, of which Google has already taken down 36; the rest are under investigation.

Browser Extensions

Web Privacy

Web Security

Authors

Pablo Picazo-Sanchez

Chalmers, Computer Science and Engineering, Information Security

Maximilian Algehed

Chalmers, Computer Science and Engineering, Functional Programming

Andrei Sabelfeld

Chalmers, Computer Science and Engineering, Information Security

PROCEEDINGS OF THE 8TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP)

Vol. 1, pp. 528-535
978-989-758-553-1 (ISBN)

8th International Conference on Information Systems Security and Privacy (ICISSP)
Online

Subject categories

Media Technology

Human-Computer Interaction (Interaction Design)

Computer Science

DOI

10.5220/0010900600003120

More information

Last updated

2023-11-30