Browser fingerprinting is an invasive and opaque stateless tracking technique. Browser
vendors, academics, and standards bodies have long struggled to provide meaningful …

With the growing popularity of modularity in software development comes the rise of
package managers and language ecosystems. Among them, npm stands out as the most …

Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

The widespread use of web applications has also made them more vulnerable to hackers,
resulting in the leakage of large amounts of application and personal privacy data. Cross …

Browser extensions are popular to enhance users' browsing experience. By design, they
have access to security-and privacy-critical APIs to perform tasks that web applications …

Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …

As the largest package registry, Node Package Manager (NPM) has become the prime
target for various supply chain attacks recently and has been flooded with numerous …

Pressured by existing regulations such as the EU GDPR, online services must advertise a
personal data protection policy declaring the types and purposes of collected personal data …

Extensions complement web browsers with additional functionalities and also bring new
vulnerability venues, allowing privilege escalations from adversarial web pages to use …