revisiting the chrome extension permissions model
play

Revisiting the Chrome Extension Permissions Model Pranav Prakash, - PowerPoint PPT Presentation

Oct 29, 2023 •17 likes •1.07k views

Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of W3Counter 2 Courtesy of W3Counter 3 Chrome has ~190,000 Google Chrome extensions released 2010 2020 2008 2019 Chrome adds Chrome removes

  1. Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1

  2. Courtesy of W3Counter 2

  3. Courtesy of W3Counter 3

  4. Chrome has ~190,000 Google Chrome extensions released 2010 2020 2008 2019 Chrome adds Chrome removes support for 500+ malicious extensions extensions 4

  5. Chrome Extensions... 5

  6. Chrome Extensions... ● Change UI 6

  7. Chrome Extensions... ● Change UI ● Provide additional functionality 7

  8. Chrome Extensions... ● Change UI ● Provide additional functionality ● Integrate with third party apps 8

  9. Extension Ecosystem ● ~1.2B installs 9

  10. Extension Ecosystem ● ~1.2B installs ● 2.6% of installed extensions are paid 10

  11. Extension Ecosystem ● ~1.2B installs ● 2.6% of installed extensions are paid ● 87% have less than 1,000 installs 11

  12. Extension Ecosystem ● ~1.2B installs ● 2.6% of installed extensions are paid ● 87% have less than 1,000 installs ● Only 13 have more than 10 million installs 12

  13. Extension Ecosystem ● Most big extensions backed by a company 13

  14. Extension Ecosystem ● Most big extensions backed by a company 14

  15. Extension Ecosystem ● Most big extensions backed by a company 15

  16. Extension Ecosystem ● Most big extensions backed by a company 16

  17. 17

  18. It’s a business! 18

  19. https://extensionmonitor.com/blog/breaking-down-the-chrome-web-store-part-2 19

  20. https://extensionmonitor.com/blog/breaking-down-the-chrome-web-store-part-2 20

  21. 21

  22. Extension developers were phished! 22

  23. Extensions used for malvertising 23

  24. 24

  25. 25

  26. Nigelify 26

  27. Nigelify Link 27

  28. Nigelify Extension Link 28

  29. Nigelify Extension Link Credentials 29

  30. Nigelify Extension Link Credentials 30

  31. Nigelify Extension Link Resources Credentials 31

  32. Nigelify ● Made $1000 in < 1 week 32

  33. Nigelify ● Made $1000 in < 1 week ● Affected 100k+ users 33

  34. Nigelify ● Made $1000 in < 1 week ● Affected 100k+ users ● Prevented users from removing extension 34

  35. 35

  36. Added users to botnet 36

  37. Part of malvertising campaign 37

  38. Analyzing the threat surface of Chrome’s extension APIs 38

  39. Chrome ● Designed with security in mind ● Isolation, separation of privilege 1 39 1 Barth, Adam, et al. "Protecting browsers from extension vulnerabilities." (2010).

  40. Chrome Extension Architecture runtime.sendMessage 40

  41. Manifests "background": { ● Structure of extension "persistent": false, explicitly declared "scripts": [ "js/background.js" ] }, "content_scripts": [ { ● Permissions enumerated "js": [ "js/content.js"] "matches": ["*://*.foo.com"], "run_at": "document_start" }], "permissions": ["bookmarks"] 41

  42. Weaknesses of Permission Model ● While limited by sandboxing/isolation, malicious developers may not adhere to “principle of least privilege” 42

  43. Analyzing the Chrome APIs ● Inspect the APIs in each permission group 43

  44. Analyzing the Chrome APIs 44

  45. Analyzing the Chrome APIs ● Primary objectives of malicious extension ○ Data exfiltration ○ Website tampering ○ Phishing 45

  46. Analyzing the Chrome APIs ● CIA Triad: Confidentiality, Integrity, Availability 46

  47. Analyzing the Chrome APIs ● CIA Triad: Confidentiality, Integrity, Availability ● Classify aligned to triad ○ Info disclosure ○ Phishing ○ State manipulation ○ Obfuscation 47

  48. Analysis 48

  49. Analysis ● Majority of APIs can be abused ● Different methods within same permission have different threat profiles 49

  50. Reverse-engineering a malicious extension 50

  51. Version History 51

  52. Malicious buyout ● Rather than phish developer, outright buy an extension 52

  53. Malicious buyout ● Rather than phish developer, outright buy an extension 53 https://portswigger.net/daily-swig/when-browser-extensions-go-rogue

  54. Why so many users? ● Possibly ranked high in google search? ● Are all installs legitimate? 54

  55. Permissions Nothing too abnormal... 55

  56. Suspicious Obfuscation 56

  57. A seemingly benign jpeg 57

  58. Wait that’s not a jpeg... > file promo.jpg PNG image data, 1280 x 800, 8-bit/color RGBA, non-interlaced 58

  59. What’s in the alpha channel? 59

  60. Steganographic Obfuscation 60

  61. Takeaways? ● Limitations of static/dynamic analysis 61

  62. Takeaways? ● Limitations of static/dynamic analysis ● Permissions system has unnecessarily broad scope 62

  63. Takeaways? ● Limitations of static/dynamic analysis ● Permissions system has unnecessarily broad scope 63

  64. Mitigations to limit power of malicious extensions 64

  65. Mitigation: Fine-grained permissions ● Scope on method, not permission category ● Should not be able to update tabs if only need to refresh them 65

  66. Existing permissions "permissions": [ "tabs", "*://*.google.com/" ], 66

  67. Existing permissions "permissions": [ "tabs", "*://*.google.com/" ], Update existing tabs? Spawn new tabs? 67

  68. Wildcard Host Nothing too abnormal...? 68

  69. Scope network access ● Tie network host permission to parent permission "permissions": [ "permissions": [ "tabs", "tabs.executeScript" : { "*://*.google.com/" "*://*.google.com/" ], } ], 69

  70. Existing permissions "permissions": [ "tabs", "*://*.google.com/" ], Update existing tabs? Spawn new tabs? 70

  71. Revised permissions "permissions": [ "permissions": [ "tabs.executeScript" : { "tabs", "*://*.google.com/" "*://*.google.com/" } ], ], Read and manipulate your data on all google.com sites 71

  72. Backwards Compatibility ● Static analysis to transparently upgrade manifests ● Prevents obfuscated API calls 72

  73. Mitigation: Runtime Permissions 73

  74. Mitigation: Runtime Permissions ● Permission dialog every time an extension wants to run 74

  75. Today: Chrome Optional Permissions Feature 75

  76. Today: Chrome Optional Permissions Feature ● Requested additional permissions during runtime 76

  77. Today: Chrome Optional Permissions Feature ● Request additional permissions during runtime ● Better security and information to users 77

  78. Today: Chrome Optional Permissions Feature ● Requested additional permissions during runtime ● Better security and information to users 78

  79. Runtime Permission Dialog 79

  80. Runtime Permission Dialog Bookmarks Navigator requests 80

  81. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access 81

  82. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access Bookmarks enable easy access to your favorite sites 82

  83. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access Bookmarks enable easy access to your favorite sites We’ll ask for permission every time you open a new tab 83

  84. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access Bookmarks enable easy access to your favorite sites We’ll ask for permission every time you open a new tab Deny Grant 84

  85. Impact ● On developer ● On user 85

  86. Impact on Developer 86

  87. Under the Hood 87

  88. Permission Dialog Context ● Two ways to call a chrome.* API 88

  89. Rule-Based Triggers 89

  90. Logic Triggers 90

  91. Config Example { “Logic_triggers” : { “message.js:L32” : “You’ve clicked the set timer button in our extension on your navigation bar”, // More triggers } } 91

  92. Impact on User ● Usability / security tradeoff 92

  93. Usability ● Windows Vista UAC disaster 93

  94. Usability ● Windows Vista UAC disaster 94

  95. Usability ● Windows Vista UAC disaster ● Users’ skimming / not reading dialogs 95

  96. Usability Solutions 96

  97. Usability Solutions 97

  98. Usability Solutions ● Standardized dialog interface that conveys a sense of danger 98

  99. Usability Solutions ● Standardized dialog interface that conveys a sense of danger ● Conditioned-safe ceremony 99

  100. Evaluation: Mitigation Effectiveness ● User Agent Switcher: exfiltrates visited URLs and redirects users 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome

Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome

Chrome Extension Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome Extension Extension Small software programs that can modify and enhance the functionality of the Chrome browser. Written

576 views • 18 slides
5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

Snagit for Google Chrome: Instructions IMPORTANT. You will need to be in Chrome and Not on Chrome for this app to work. (go to Chrome first, then go to whatever site you plan to screencast.) 1. Open Chrome, Type in Snagit for Chrome.

184 views • 3 slides
Security Architecture Presenter: Jienan Liu Network, Intelligence &amp; security Lab outline

Security Architecture Presenter: Jienan Liu Network, Intelligence &amp; security Lab outline

Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence &amp; security Lab outline Chrome extension introduction Threats towards extension Chrome extensions security architecture What is Chrome

348 views • 23 slides
A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome

A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome

A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome OS Speed Security - Verified boot Security - Reboot to recover Security for the internet age Current Operating Systems Chrome OS Apps have

424 views • 8 slides
Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing

Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing

Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing Imperial College London June 26, 2017 Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 1 / 31

561 views • 54 slides
Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome OS Chrome Graphics Buffer (Prime FD) Android IPC IPC Chrome IPC Binder System Bridge Bridge (*/init*) Input Events network config, GL,

296 views • 10 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language

Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language

Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the permission model working? Are users making good decisions? Most Popular Android App Demo App abusing permissions Demo explained Permissions:

819 views • 43 slides
Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Mller ETH Zurich Microsoft Research ETH Zurich Overview Verification of

436 views • 42 slides
Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b

Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b

Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b October 2012 2012 Luminant Corporate Safety David Friedman, CIH, MSPH, ARM Background Information Situation occurred at a lignite plant in Central

495 views • 25 slides
Revisiting the Oil Price Macro Relationship in the US The Role of Model Specification and

Revisiting the Oil Price Macro Relationship in the US The Role of Model Specification and

Revisiting the Oil Price Macro Relationship in the US The Role of Model Specification and Sample Period Erkal Ersoy Centre for Energy Economics Research and Policy Heriot-Watt University @ErkalErsoy e.ersoy@hw.ac.uk www.erkalersoy.co.uk

1.2k views • 105 slides
An extension of the NIG-S&amp;ARCH model with an application to Value at Risk Abstract A new

An extension of the NIG-S&amp;ARCH model with an application to Value at Risk Abstract A new

An extension of the NIG-S&amp;ARCH model with an application to Value at Risk Abstract A new model for conditional skewness and kurtosis based on the Normal Inverse Gaussian (NIG) distribution is proposed. The new model and two previously used

837 views • 55 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78 NFSv4 WG Meeting, July 28, 2010 Sorin Faibish sfaibish@emc.com David Black - EMC Mike Eisler - NetApp Jason Glasgow - Google Problem Statement

376 views • 6 slides
Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Linux Filesystem Hierarchy inodes Permissions Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Linux Multiuser and Server Operating System

195 views • 15 slides
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Modern web experience Modern web experience Modern web experience Web apps Extensions AdBlock NYTimes Chase Evernote Core browser Web

591 views • 40 slides
Light-Duty Slides Specifications at a Glance Products in this Model Max. Load Travel Cross

Light-Duty Slides Specifications at a Glance Products in this Model Max. Load Travel Cross

Light-Duty Slides Specifications at a Glance Products in this Model Max. Load Travel Cross Detent Disconnect Page Capacity Section Width category carry loads 2601 75 lbs. Full .50&quot; Hold-in None 13 from 75 to 108 [34 kg]

369 views • 4 slides
Cinematic Drone O S C A R F R A S S E R Cinematic Shots COMPOSITION COVERAGE CONTINUITY

Cinematic Drone O S C A R F R A S S E R Cinematic Shots COMPOSITION COVERAGE CONTINUITY

Cinematic Drone O S C A R F R A S S E R Cinematic Shots COMPOSITION COVERAGE CONTINUITY LIGHT OPTICS STABILIZATION SLOW MOTION EXPOSURE COLOR GRADING Feeling Emotion Wonder Wheel Feeling Emotion GRAMMAR OF THE SHOT A shot is the

1.02k views • 60 slides
Balancing a career in science with raising a family Prof. Ramit Mehr, Bar-Ilan University, Israel

Balancing a career in science with raising a family Prof. Ramit Mehr, Bar-Ilan University, Israel

Balancing a career in science with raising a family Prof. Ramit Mehr, Bar-Ilan University, Israel My personal story Career issues for women scientists and anyone trying to balance career and family life (... and suggestions for solutions)

133 views • 11 slides
Writing Browser Extensions in Kotlin Kirill Rakhman (@Cypressious) busradar.com KotlinJS No

Writing Browser Extensions in Kotlin Kirill Rakhman (@Cypressious) busradar.com KotlinJS No

Writing Browser Extensions in Kotlin Kirill Rakhman (@Cypressious) busradar.com KotlinJS No longer expiremental since 1.1.0 Can run anywhere where JS runs Websites NodeJS Browser Extensions Can call JS the

250 views • 24 slides
5.1 CABINETMAKERS SUPPLY www.cabinetmakerssupply.net fax) 703-421-6333 (ph) 703-421-6331 3554 -

5.1 CABINETMAKERS SUPPLY www.cabinetmakerssupply.net fax) 703-421-6333 (ph) 703-421-6331 3554 -

CABINETMAKERS SUPPLY www.cabinetmakerssupply.net fax) 703-421-6333 (ph) 703-421-6331 DRAWER SLIDES 10032 Precision Slides Use for box drawer or pedestal file drawers up to 20 wide. Manufactured by an ISO 9001 registered plant of heat hardened

312 views • 13 slides
C-SPARQL: A Continuous Extension of SPARQL Marco Balduini marco.balduini@polimi.it Share,

C-SPARQL: A Continuous Extension of SPARQL Marco Balduini marco.balduini@polimi.it Share,

Stream Reasoning for Linked Data M. Balduini, J-P Calbimonte, O. Corcho, D. Dell'Aglio, E. Della Valle http://streamreasoning.org/events/sr4ld2014 C-SPARQL: A Continuous Extension of SPARQL Marco Balduini marco.balduini@polimi.it Share,

707 views • 37 slides
ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim Hila Zarosim TCC 2013 Obli i Oblivious Transfer T f The other message message remains secret to the the receiver Obli i Oblivious

757 views • 38 slides

More recommend