Two security flaws can be compromising your browser extension listSeptember 28th, 2017
Online security experts have recently unveiled two flaws which affect the Internet browser extension system. These serious flaws have been found in the extension system of most major internet browsers including: Chrome, Firefox, Opera, Safari and others.
The problem with these flaws is that attackers can exploit them to get a 100% full list of all extensions which are installed on a user’s browser. Such information can be used for malicious fingerprinting of users and for unmasking those users who are browsing behind a VPN or for Tor traffic in order to create accurate advertising profiles.
Flaw #1 affects the hugely popular WebExtensions API
European researchers from French Eurocom and the University of Duesto in Spain have discovered these serious problems. The first one affects the Chromium based browsers’ extension system, which means that Chrome, Yandex, Opera and Comodo Dragon as well as possibly: Firefox, Vivaldi, Edge and Brave can be attacked.
Although the WebExtensions API features access control settings which help protect the browsers from attackers who are aiming to get to the full list of extensions installed in the browser via the manifest.json file, according to the team of researchers it is possible for attackers to access the information by bombarding the browser of the target user with double requests, and then recording the time which the browser takes to respond. They tested this method on Chrome, Yandex browser, Comodo Dragon and Opera and it worked. Also, they found that old Firefox plugin systems are also vulnerable to such attacks.
Flaw #2 The URL leakage in Safari
This flaw was found in the add-on system of the Safari browser. Instead of a manifest.json file, the extension system in Safari generates a random URL for each browsing session which should be accessible only by the user while using the browser. But the security research team found that there are ways to leak the data necessary for guessing the random URLs. In fact, their tests found that in 40.5% of the tested extensions for Safari their URL could be leaked.
What is being done to fix these potentially dangerous flaws?
The team of researchers has published their worrying findings in a paper and have disclosed it to all interested parties and developers with the intent of finding ways to resolve these potential problems and to take the appropriate countermeasures to prevent future such attacks and data leakage.
The paper which is titled “Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies“, the authors also discuss in detail the ways in which attackers can use both of these browser extension system flaws not only for advertising analytics, but also for even more malicious reasons such as: social engineering, targeted malware installation and vulnerable extension exploitation.
The experts who discovered these flaws claim that the resolution for these potential leaks is for the browsers to be updated in a way which will prevent such attacks and the leakage of data. So far, no such steps have been taken by the major browsers, but in the meantime users can help prevent such attacks by using firewalls or other application level access control devices to protect their privacy when browsing.
Now you have the information you don't want to order New Site