
Authors: Pablo Picazo-Sanchez; Maximilian Algehed and Andrei Sabelfeld

Affiliation: Chalmers University of Technology, Gothenburg, Sweden

Keyword(s): Browser Extensions, Web Security, Web Privacy.

Abstract: Browser extensions are popular web applications that users install in modern browsers to enrich the user experience on the web. It is common for browser extensions to include static resources in the form of HTML, CSS, fonts, images, and JavaScript libraries. Unfortunately, the state of the art is that each extension ships its own version of a given resource. This paper presents DeDup.js, a framework that incorporates similarity analysis for achieving two goals: detecting potentially malicious extensions during the approval process, and given an extension as input, DeDup.js discovers similar extensions. We downloaded three snapshots of the Google Chrome Web Store during one year totaling more than 422k browser extensions and conclude that over 50% of the static resources are shared among the extensions. By implementing an instance of DeDup.js, we detect more than 7k extensions that should not have been published and were later deleted. Also, we discover more than 1k malicious extensions still online that send user’s queries to external servers without the user’s knowledge. Finally, we show the potential of DeDup.js by analyzing a set of extensions that are part of CacheFlow, a recently discovered attack. We detect 53 malicious extensions of which 36 Google has already taken down and the rest are investigated.

CC BY-NC-ND 4.0


Paper citation in several formats:
Picazo-Sanchez, P.; Algehed, M. and Sabelfeld, A. (2022). DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-553-1; ISSN 2184-4356, SciTePress, pages 528-535. DOI: 10.5220/0010900600003120

@conference{icissp22,
author={Pablo Picazo{-}Sanchez and Maximilian Algehed and Andrei Sabelfeld},
title={DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP},
year={2022},
pages={528-535},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010900600003120},
isbn={978-989-758-553-1},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP
TI - DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication
SN - 978-989-758-553-1
IS - 2184-4356
AU - Picazo-Sanchez, P.
AU - Algehed, M.
AU - Sabelfeld, A.
PY - 2022
SP - 528
EP - 535
DO - 10.5220/0010900600003120
PB - SciTePress