Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions

Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11543)

Abstract

With browsers being a ubiquitous, if not required, means of accessing the web, they represent a unique and universal threat vector. After a quick install, a browser can run third-party extensions virtually invisibly in the background. In this paper, we explore the abuse of browser extensions that achieve installations through suspicious methods. We scan the web for links to extension installations by crawling the Alexa top 10,000 websites to a recursive sub-page depth of 4, and we use additional tools to search for extension artifacts in the source code of web pages. We discover pages that link to both listed and unlisted extensions, often pointing to multiple different extensions that share the same name. Using this data, we find 1,097 unlisted browser extensions, ranging from internal directory-lookup tools to hidden Google Docs extensions, that pose a serious threat to their 127 million users.
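The artifact search described in the abstract (Web Store detail links, inline-install tags and chrome-extension:// resource URLs embedded in page source, then grouping the discovered IDs by the name they are advertised under) can be illustrated with the following added example. It is not the paper's tooling; it assumes the Web Store detail URL forms `https://chrome.google.com/webstore/detail/<slug>/<id>` and `.../detail/<id>`, the inline-install tag `<link rel="chrome-webstore-item">`, the 32-character a-p extension ID format, and a caller-supplied `is_listed` lookup (stubbed here) standing in for whatever store query decides "listed" versus "unlisted". The HTML input and the extension IDs in it are constructed for the example.

```python
"""Extract Chrome extension artifacts from page source (added example, not the paper's code)."""
import re
from collections import defaultdict
from html.parser import HTMLParser

# Assumption: Chrome extension IDs are 32 characters drawn from a-p.
EXT_ID = r"[a-p]{32}"
WEBSTORE_RE = re.compile(
    r"https?://chrome\.google\.com/webstore/detail/"
    r"(?:(?P<slug>[^/?#\s\"']+)/)?(?P<id>" + EXT_ID + r")\b")
RESOURCE_RE = re.compile(r"chrome-extension://(?P<id>" + EXT_ID + r")/")


class AttrCollector(HTMLParser):
    """Collect attribute values that commonly carry links, plus inline-install tags."""

    def __init__(self):
        super().__init__()
        self.values = []          # href/src/content/... attribute values
        self.inline_install = []  # hrefs of <link rel="chrome-webstore-item">

    def handle_starttag(self, tag, attrs):
        a = {k: v for k, v in attrs if v is not None}
        if tag == "link" and a.get("rel", "").lower() == "chrome-webstore-item":
            self.inline_install.append(a.get("href", ""))
        for key in ("href", "src", "content", "data-href", "action"):
            if key in a:
                self.values.append(a[key])


def find_extension_refs(page_source):
    """Return {ext_id: {"slugs": set, "sources": set}} for every artifact found.

    Both parsed attribute values and the raw source are scanned: install links
    are often assembled inside inline JavaScript, which attribute parsing misses.
    """
    p = AttrCollector()
    p.feed(page_source)
    refs = defaultdict(lambda: {"slugs": set(), "sources": set()})
    for text in p.values + [page_source]:
        for m in WEBSTORE_RE.finditer(text):
            refs[m["id"]]["sources"].add("webstore-link")
            if m["slug"]:
                refs[m["id"]]["slugs"].add(m["slug"])
        for m in RESOURCE_RE.finditer(text):
            refs[m["id"]]["sources"].add("chrome-extension-url")
    for href in p.inline_install:
        m = WEBSTORE_RE.search(href)
        if m:
            refs[m["id"]]["sources"].add("inline-install")
    return dict(refs)


def name_collisions(refs):
    """Map each URL slug (the advertised name) to the IDs using it; keep only
    names claimed by more than one distinct extension."""
    by_name = defaultdict(set)
    for ext_id, info in refs.items():
        for slug in info["slugs"]:
            by_name[slug].add(ext_id)
    return {name: ids for name, ids in by_name.items() if len(ids) > 1}


def split_listed(refs, is_listed):
    """Partition discovered IDs into (listed, unlisted) via an injected lookup.

    Assumption: is_listed(ext_id) -> bool queries the Web Store in real use;
    it is a stub here so the example runs offline.
    """
    listed = {ext_id for ext_id in refs if is_listed(ext_id)}
    return listed, set(refs) - listed


# Constructed sample page; the extension IDs are made up for this example.
SAMPLE_HTML = """<html><head>
<link rel="chrome-webstore-item"
      href="https://chrome.google.com/webstore/detail/abcdefghijklmnopabcdefghijklmnop">
</head><body>
<a href="https://chrome.google.com/webstore/detail/quick-lookup/ponmlkjihgfedcbaponmlkjihgfedcba">Install</a>
<a href="https://chrome.google.com/webstore/detail/quick-lookup/aaaabbbbccccddddeeeeffffgggghhhh?hl=en">Install (new)</a>
<img src="chrome-extension://ponmlkjihgfedcbaponmlkjihgfedcba/icon.png">
<script>var u = "https://chrome.google.com/webstore/detail/abcdefghijklmnopabcdefghijklmnop";
chrome.webstore.install(u);</script>
</body></html>"""

if __name__ == "__main__":
    found = find_extension_refs(SAMPLE_HTML)
    for ext_id, info in sorted(found.items()):
        print(ext_id, sorted(info["sources"]), sorted(info["slugs"]))
    print("name collisions:", name_collisions(found))
    # Stub: pretend only the third ID is returned by a store search.
    print("listed/unlisted:", split_listed(found, lambda i: i.startswith("aaaa")))
```

On the sample page the scanner finds three IDs, two of which are advertised under the same slug `quick-lookup`, which is the name-sharing pattern the abstract reports. Treating an ID as "unlisted" requires an external store check, so that decision is kept behind the injected `is_listed` callable rather than baked into the extractor.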

Notes

  1. https://chrome.google.com/webstore/detail/lodjfjlkodalimdjgncejhkadjhacgki
  2. https://chrome.google.com/webstore/detail/bnomihfieiccainjcjblhegjgglakjdd
  3. An example would be this extension: https://chrome.google.com/webstore/detail/save-to-google-drive/gmbmikajjgmnabiglmofipeabaddhgne?hl=en
  4. https://developers.chrome.com/extensions/permission_warnings#update_permissions
  5. https://bugs.chromium.org/p/project-zero/issues/detail?id=1555
  6. https://bugs.chromium.org/p/chromium/issues/detail?id=827288

Acknowledgements

We would like to thank our shepherd Kapil Singh and the anonymous reviewers for their insightful comments and feedback. This work was supported by the Office of Naval Research (ONR) under grant N00014-17-1-2541, by DARPA under agreement number FA8750-19-C-0003 and by the National Science Foundation (NSF) under grant CNS-1703375.

Author information

Correspondence to Aidan Beggs or Alexandros Kapravelos.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Beggs, A., Kapravelos, A. (2019). Wild Extensions: Discovering and Analyzing Unlisted Chrome Extensions. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2019. Lecture Notes in Computer Science(), vol 11543. Springer, Cham. https://doi.org/10.1007/978-3-030-22038-9_1

  • DOI: https://doi.org/10.1007/978-3-030-22038-9_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-22037-2

  • Online ISBN: 978-3-030-22038-9
