Chrome Extensions: Threat Analysis and Countermeasures

The widely popular browser extensions now become one of the most commonly used malware attack vectors. The Google Chrome browser, which implements the principles of least privileges and privilege separation by design, offers a strong security mechanism to protect malicious websites from damaging the whole browser system via extensions. In this study, we however reveal that Chrome’s extension security model is not a panacea for all possible attacks with browser extensions. Through a series of practical bot-based attacks that can be performed even under typical settings, we demonstrate that malicious Chrome extensions pose serious threats, including both information dispersion and harvesting, to browsers. We further conduct an in-depth analysis of Chrome’s extension security model, and conclude that its vulnerabilities are rooted from the violation of the principles of least privileges and privilege separation. Following these principles, we propose a set of countermeasures that enforce the policies of microprivilege management and differentiating DOM elements. Using a prototype developed on the latest Chrome browser, we show that they can effectively mitigate the threats posed by malicious Chrome extensions with little effect on normal browsing experience.