Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions
This work addresses security vulnerabilities for browser users and developers, highlighting risks from over-privileged extensions, but it is incremental as it builds on known issues with more detailed analysis.
The paper tackles the security threats posed by malicious browser extensions by presenting a botnet framework and implementing a comprehensive range of attacks on Chrome, Firefox, and Firefox-for-Android across Windows, Linux, and Android systems, verifying these through experiments.
Browser extensions have been established as a common feature present in modern browsers. However, some extension systems risk exposing APIs which are too permissive and cohesive with the browser's internal structure, thus leaving a hole for malicious developers to exploit security critical functionality within the browser itself. In this paper, we raise the awareness of the threats caused by browser extensions by presenting a botnet framework based on malicious extensions installed in the user's browser, and an exhaustive range of attacks that can be launched in this framework. We systematically categorize, describe and implement these attacks against Chrome, Firefox and Firefox-for-Android, and verify experiments on Windows, Linux and Android systems. To the best of our knowledge, this paper presents to date the most comprehensive analysis about the threats of botnet in modern browsers due to the over-privileged capabilities possessed by browser extensions. We also discuss countermeasures to the identified problems.