论文信息 - A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities

A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities

Web browser is a software application using which we can perform most of the internet-based activities. The commonly used browsers are Mozilla Firefox, Google Chrome, Safari, Opera Mini, and Internet Explorer. Many web applications provide extensions to these browsers to enhance their functionality, while some of the extensions perform malicious activities to get access to the sensitive data without the user’s knowledge. This paper presents a review of the research done on the browser extension vulnerabilities. We found that the most of the researches were done for Firefox and Chrome extensions. Static analysis technique was used in most of the solutions proposed by various researchers. There is no ready to use tool for evaluating the vulnerable behavior of an extension. Hence there is need for more research to evaluate and eliminate the vulnerabilities in web browser extensions.

K. P. Jevitha | J. Arunagiri | S. Rakhi

[1] Marianne Winslett,et al. Vetting browser extensions for security vulnerabilities with VEX , 2011, CACM.

[2] David A. Wagner,et al. An Evaluation of the Google Chrome Extension Security Architecture , 2012, USENIX Security Symposium.

[3] Mohammad Zulkernine,et al. On evaluating and securing firefox for Android browser extensions , 2014, MOBILESoft 2014.

[4] Benjamin Livshits,et al. Verified Security for Browser Extensions , 2011, 2011 IEEE Symposium on Security and Privacy.

[5] V. N. Venkatakrishnan,et al. Enhancing web browser security against malware extensions , 2007, Journal in Computer Virology.

[6] Mohammad Zulkernine,et al. Effective detection of vulnerable and malicious browser extensions , 2014, Comput. Secur..

[7] Junjie Wang,et al. Pointer Analysis Based Vulnerability Detection for Browser Extension , 2012 .

[8] M. Sethumadhavan,et al. A Framework for Analysing the Security of Chrome Extensions , 2014 .

[9] Vijay Laxmi,et al. The darker side of Firefox extension , 2013, SIN.

[10] Lei Liu,et al. Chrome Extensions: Threat Analysis and Countermeasures , 2012, NDSS.

[11] Robert Tappan Morris,et al. Privacy-preserving browser-side scripting with BFlow , 2009, EuroSys '09.

[12] Adam Barth,et al. Protecting Browsers from Extension Vulnerabilities , 2010, NDSS.

[13] William K. Robertson,et al. Securing Legacy Firefox Extensions with SENTINEL , 2013, DIMVA.