Protecting Browsers from Extension Vulnerabilities
Venue
Network and Distributed System Security Symposium (2010)
Publication Year
2010
Authors
Adam Barth, Adrienne Porter Felt, Prateek Saxena, Aaron Boodman
BibTeX
Abstract
Browser extensions are remarkably popular, with one in three Firefox users running
at least one extension. Although well-intentioned, extension developers are often
not security experts and write buggy code that can be exploited by malicious web
site operators. In the Firefox extension system, these exploits are dangerous
because extensions run with the user's full privileges and can read and write
arbitrary files and launch new processes. In this paper, we analyze 25 popular
Firefox extensions and find that 88% of these extensions need less than the full
set of available privileges. Additionally, we find that 76% of these extensions use
unnecessarily powerful APIs, making it difficult to reduce their privileges. We
propose a new browser extension system that improves security by using least
privilege, privilege separation, and strong isolation. Our system limits the
misdeeds an attacker can perform through an extension vulnerability. Our design has
been adopted as the Google Chrome extension system.
