CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
Extensions complement web browsers with additional functionalities and also bring new
vulnerability venues, allowing privilege escalations from adversarial web pages to use …
Doublex: Statically detecting vulnerable data flows in browser extensions at scale
Browser extensions are popular to enhance users' browsing experience. By design, they
have access to security- and privacy-critical APIs to perform tasks that web applications …
Mystique: Uncovering information leakage from browser extensions
Browser extensions are small JavaScript, CSS and HTML programs that run inside the
browser with special privileges. These programs, often written by third parties, operate on …
What is in the Chrome Web Store?
This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS).
We leverage historical data provided by ChromeStats to study global trends in the CWS and …
Botnet in the browser: Understanding threats caused by malicious browser extensions
R Perrotta, F Hao - IEEE Security & Privacy, 2018 - ieeexplore.ieee.org
Browser extension systems risk exposing APIs, which are too permissive and cohesive with
the browser's internal structure, leaving a hole for malicious developers to exploit security …
Effective detection of vulnerable and malicious browser extensions
Unsafely coded browser extensions can compromise the security of a browser, making them
attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among …
Detecting DOM-sourced cross-site scripting in browser extensions
J Pan, X Mao - 2017 IEEE International Conference on …, 2017 - ieeexplore.ieee.org
In recent years, with the advances in JavaScript engines and the adoption of HTML5 APIs,
web applications begin to show a tendency to shift their functionality from the server side …
Malicious browser extensions at scale: Bridging the observability gap between web site and browser
Browser extensions enhance the user experience in a variety of ways. However, to support
these expanded services, extensions are provided with elevated privileges that have made …
Exposing and Addressing Security Vulnerabilities in Browser Text Input Fields
In this work, we perform a comprehensive analysis of the security of text input fields in web
browsers. We find that browsers' coarse-grained permission model violates two security …
Analyzing the dangers posed by Chrome extensions
A common characteristic of modern web browsers is that their functionality can be extended
via third-party add-ons. In this paper we focus on Chrome extensions, to which the Chrome …