Protecting Browsers from Extension Vulnerabilities

摘要

Browser extensions are remarkably popular, with one inrnthree Firefox users running at least one extension. Althoughrnwell-intentioned, extension developers are often not securityrnexperts and write buggy code that can be exploited by maliciousrnweb site operators. In the Firefox extension system,rnthese exploits are dangerous because extensions run withrnthe user’s full privileges and can read and write arbitraryrnfiles and launch new processes. In this paper, we analyzern25 popular Firefox extensions and find that 88% of thesernextensions need less than the full set of available privileges.rnAdditionally, we find that 76% of these extensions use unnecessarilyrnpowerful APIs, making it difficult to reduce theirrnprivileges. We propose a new browser extension system thatrnimproves security by using least privilege, privilege separation,rnand strong isolation. Our system limits the misdeedsrnan attacker can perform through an extension vulnerability.rnOur design has been adopted as the Google Chromernextension system.