The Security Analysis of Browser Extensions

Name
Kristjan Krips
Abstract
In this work, we analyse the security models of browser extensions. We examine the extension models of Mozilla Firefox 3.6, Internet Explorer 8 and Google Chrome 5.0.360. Because browsers provide functionality similar to that of operating systems, we analyse these extension models as we would analyse an operating system. We show that the current security models can be abused with little effort. A compromised extension in a browser may result in the whole computer being compromised. To support our claims, we tested most of the attacks that are described in this analysis. The source code of these attacks is not included in the thesis. Given the risks described above, we want to stress the importance of the threat that extensions pose to the security of browsers. The feasibility of creating malware extensions is analysed for each browser individually. Based on the analysis, we propose possible attack vectors for each browser. Finally, we suggest ways to improve the current security models and give advice to users.
Graduation Thesis language
English
Graduation Thesis type
Bachelor - Computer Science
Supervisor(s)
Sven Laur
Defence year
2010
 