Most users have at least one browser extension or plugin running in their software. These add-ons commonly enhance the web browsing experience by providing tools that simplify password management or document viewing and editing, or that assist in viewing and interacting with a given web page. However, as with all software, extensions are vulnerable to the attention of malicious users and programmers who might intercept an extension in order to take control of a user’s computer, spy on the user, or steal their personal and private data.
Writing in the International Journal of Information Privacy, Security and Integrity, Kailas Patil of the Department of Computer Engineering at Vishwakarma Institute of Information Technology (VIIT), in Pune, India, points out that permission controls preclude certain kinds of malicious attack that exploit a browser extension. However, such controls do not block all possible scripts that might breach one’s system, and many users simply grant extensions all permissions without due consideration. He points out that content scripts pose a serious threat to user confidentiality and the integrity of web application data.
One permission that is commonly accepted by lay users is to allow a script to inject content into a web page. This usually adds functionality, such as page touch-up, page content translation, user input capturing, and other beneficial characteristics. However, once a content script is injected into a web page, it has full privileges to access the web application’s resources. If such a script is rendered malicious by a hacker or rogue programmer, or is simply offered by an unscrupulous organization, then a user may be readily compromised by that extension. In Patil’s study of 50 extensions from ten different categories in the Google web store, more than three quarters of extensions injected content scripts into arbitrary websites.
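The kind of check behind that last figure can be run against an extension's manifest.json. The following is an added example, not code from Patil's paper or from SessionGuard: it flags `content_scripts` entries whose match patterns are not tied to a specific host. The function names and the sample manifest are constructed for illustration.

```javascript
// Added example: find content scripts that are injected into arbitrary websites.

// True when a Chrome match pattern is not restricted to a specific host.
function isArbitrarySitePattern(pattern) {
  if (pattern === "<all_urls>") return true;
  // Web match patterns have the form <scheme>://<host>/<path>.
  const m = /^(\*|https?|wss?|ftp):\/\/([^/]*)\/.*$/.exec(pattern);
  if (!m) return false; // file:/// patterns or malformed input
  return m[2] === "*"; // host part is a bare wildcard
}

// Returns one finding per content_scripts entry that reaches arbitrary sites.
function auditManifest(manifest) {
  const findings = [];
  for (const [index, entry] of (manifest.content_scripts || []).entries()) {
    const broad = (entry.matches || []).filter(isArbitrarySitePattern);
    if (broad.length === 0) continue;
    findings.push({
      index,
      scripts: entry.js || [],
      broadPatterns: broad,
      // Exclusions narrow the set, but the script still reaches most sites.
      hasExclusions: (entry.exclude_matches || []).length > 0,
      // all_frames extends injection to embedded frames as well.
      allFrames: entry.all_frames === true,
    });
  }
  return findings;
}

// Constructed sample manifest (not a real extension).
const sampleManifest = {
  manifest_version: 3,
  name: "Sample Page Translator",
  content_scripts: [
    { matches: ["https://docs.example.com/*"], js: ["docs.js"] },
    { matches: ["<all_urls>"], js: ["translate.js"], all_frames: true },
    { matches: ["*://*/*", "https://mail.example.com/*"], js: ["capture.js"],
      exclude_matches: ["*://*.example.org/*"] },
  ],
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`content_scripts[${f.index}] ${f.scripts.join(", ")} -> ${f.broadPatterns.join(", ")}`);
}
```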
Patil has now developed a kind of browser sandbox, which he refers to as SessionGuard. This system isolates content scripts in their own environment, the shadow DOM. From this virtual shadow world, any given content script only gets to see an encrypted view of the web application data passing between client and server. It can still carry out the tasks for which it is designed, but without the extension itself being able to reveal data to a (malicious) third party.
“We have developed a proof-of-concept prototype in the Google Chrome web browser with little effect on normal browsing experience,” Patil says. “Our experiments with real-world browser extensions demonstrate the effectiveness of the SessionGuard in protecting the confidentiality and integrity of web application data against malicious content scripts.”
Patil, K. (2017) ‘Isolating malicious content scripts of browser extensions’, Int. J. Information Privacy, Security and Integrity, Vol. 3, No. 1, pp.18–37.