Browser Extensions & Associated Vulnerabilities

Web browser extensions are an effective way to manage and fix browser-related functionality. They are small pieces of software attached to the browser to add functionality to it. But as the technology and its productivity benefits have grown, so has the number of malicious activities carried out through browser extensions.

One of the most popular Chrome browser extensions, “Evernote”, which had over 4.6 million users, was found to have a major flaw: a cross-site scripting vulnerability. The flaw could have allowed attackers to access active sessions of other websites in the same browser. The news from Hacker News described the attack in detail, including how a payload could have been injected.

Recently, Android malware was discovered by the CSIS security team. It was a Trojan horse named Joker on Google Play, detected in 24 apps with over 4 million downloads. It attached a component to advertisement websites and interacted with them silently to steal the victim’s SMS messages, contacts and device information.

A phishing campaign was also carried out in early 2019. It made use of the SingleFile extension for Google Chrome and Firefox, which allows the user to save a web page as a single HTML file. The attackers copied legitimate website pages and created identical web pages for use in phishing, thereby stealing user credentials.

However, Google finally responded to these malevolent activities. It launched an audit program known as Project Strobe. Google also decided that extensions should require only the minimum amount of user data necessary to perform their functionality. The tech giant is also expanding its privacy policy: where earlier only extensions requiring personal and sensitive data had to post a policy, now extensions handling user-generated content will need to communicate a policy as well.

“To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road”

The above statement by Google Fellow and vice president of engineering Ben Smith clearly indicates that strong security controls for browser extensions were missing in the first place. Google admits that it has encouraged developers to take mandatory security and privacy-related steps, but the slow pace of improvement has made Chrome extensions a real industry concern.

However, the main concern is that each browser extension uses a different SOP (Same Origin Policy). Because of that, attackers can lure naïve users by working in disguise as browser add-ons for grammar checks, archive assistance, etc., and are still able to carry out phishing, spying and scamming techniques.

As security professionals, we advise cybersecurity awareness training, and we advise against downloading new software to personal and corporate computers without proper validation. There are some necessary steps that organizations need to implement to protect data from the dangerous threats that browser extensions pose to users.


