


























Browser Extensions (often called plugins or addons) are small pieces of code that let developers add additional functionality to the browser. However, with extensions comes a security price: the user must trust the developer. We look at ways in which this trust can be broken and malicious extensions installed. We also look at silent installations of plugins in various browsers and work on ways to make silent installations possible in browsers that work against it. We compare the browser extension mechanism among various browsers, and try to create a set of rules to maintain the principle of least privileges in the browser. We track various plugins and determine whether the least privileges required match with the privileges asked for. We also work on a survey of extensions (for various browsers) and determine the nature of attacks possible. For eg, if a developer account gets hacked, updating of a normal extension with a malicious one is possible. We look at privilege abuse and survey extensions that ask for more privileges than they use. We finally provide a solution and allow a person to check the authenticity of the extension even before they download it.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。