The Security Analysis of Browser Extensions

Kristjan Krips
In this work, we analyse the security models of browser extensions. We view the extension models of Mozilla Firefox 3.6, Internet Explorer 8 and Google Chrome 5.0.360. Because browsers are providing functionalities similar to operating systems, we analyse these extension models as we would analyse an operating system. We show that the current security models can be abused with little effort. A browser with a compromised extension may result in the whole computer being compromised. To support our claims, we tested most of the attacks that are described in this analysis. The source code of these attacks is not included in the thesis. Thus, due to previously mentioned risks, we want to stress the importance of the threat that extensions pose to the security of browsers. The feasibility of creating malware extensions is analysed for each browser individually. Based on the analysis we propose possible attack vectors for each browser. Finally, we suggest ways to improve the current security models and give advice to the users.
Graduation Thesis language
Graduation Thesis type
Bachelor - Computer Science
Sven Laur
Defence year