Electrical Engineering and Computer Sciences

Protecting Browsers from Extension Vulnerabilities

Adam Barth, Adrienne Porter Felt, Prateek Saxena and Aaron Boodman

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2009-185
December 18, 2009

http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-185.pdf

Browser extensions are remarkably popular, with one in three Firefox users running at least one extension. Although well-intentioned, extension developers are often not security experts and write buggy code that can be exploited by malicious web site operators. In the Firefox extension system, these exploits are dangerous because extensions run with the user's full privileges and can read and write arbitrary files and launch new processes. In this paper, we analyze 25 popular Firefox extensions and find that 88% of these extensions need less than the full set of available privileges. Additionally, we find that 76% of these extensions use unnecessarily powerful APIs, making it difficult to reduce their privileges. We propose a new browser extension system that improves security by using least privilege, privilege separation, and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability. Our design has been adopted as the Google Chrome extension system.


BibTeX citation:

@techreport{Barth:EECS-2009-185,
    Author = {Barth, Adam and Felt, Adrienne Porter and Saxena, Prateek and Boodman, Aaron},
    Title = {Protecting Browsers from Extension Vulnerabilities},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2009},
    Month = {Dec},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-185.html},
    Number = {UCB/EECS-2009-185},
    Abstract = {Browser extensions are remarkably popular, with one in three Firefox users running at least one extension.  Although well-intentioned, extension developers are often not security experts and write buggy code that can be exploited by malicious web site operators.   In the Firefox extension system, these exploits are dangerous because extensions run with the user's full privileges and can read and write arbitrary files and launch new processes.  In this paper, we analyze 25 popular Firefox extensions and find that 88% of these extensions need less than the full set of available privileges.  Additionally, we find that 76% of these extensions use unnecessarily powerful APIs, making it difficult to reduce their privileges.  We propose a new browser extension system that improves security by using least privilege, privilege separation, and strong isolation.  Our system limits the misdeeds an attacker can perform through an extension vulnerability.  Our design has been adopted as the Google Chrome extension system.}
}

EndNote citation:

%0 Report
%A Barth, Adam
%A Felt, Adrienne Porter
%A Saxena, Prateek
%A Boodman, Aaron
%T Protecting Browsers from Extension Vulnerabilities
%I EECS Department, University of California, Berkeley
%D 2009
%8 December 18
%@ UCB/EECS-2009-185
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-185.html
%F Barth:EECS-2009-185