revisiting the chrome extension permissions model
play

Revisiting the Chrome Extension Permissions Model Pranav Prakash, - PowerPoint PPT Presentation

Oct 29, 2023 •17 likes •1.07k views

Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of W3Counter 2 Courtesy of W3Counter 3 Chrome has ~190,000 Google Chrome extensions released 2010 2020 2008 2019 Chrome adds Chrome removes

  1. Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1

  2. Courtesy of W3Counter 2

  3. Courtesy of W3Counter 3

  4. Chrome has ~190,000 Google Chrome extensions released 2010 2020 2008 2019 Chrome adds Chrome removes support for 500+ malicious extensions extensions 4

  5. Chrome Extensions... 5

  6. Chrome Extensions... ● Change UI 6

  7. Chrome Extensions... ● Change UI ● Provide additional functionality 7

  8. Chrome Extensions... ● Change UI ● Provide additional functionality ● Integrate with third party apps 8

  9. Extension Ecosystem ● ~1.2B installs 9

  10. Extension Ecosystem ● ~1.2B installs ● 2.6% of installed extensions are paid 10

  11. Extension Ecosystem ● ~1.2B installs ● 2.6% of installed extensions are paid ● 87% have less than 1,000 installs 11

  12. Extension Ecosystem ● ~1.2B installs ● 2.6% of installed extensions are paid ● 87% have less than 1,000 installs ● Only 13 have more than 10 million installs 12

  13. Extension Ecosystem ● Most big extensions backed by a company 13

  14. Extension Ecosystem ● Most big extensions backed by a company 14

  15. Extension Ecosystem ● Most big extensions backed by a company 15

  16. Extension Ecosystem ● Most big extensions backed by a company 16

  17. 17

  18. It’s a business! 18

  19. https://extensionmonitor.com/blog/breaking-down-the-chrome-web-store-part-2 19

  20. https://extensionmonitor.com/blog/breaking-down-the-chrome-web-store-part-2 20

  21. 21

  22. Extension developers were phished! 22

  23. Extensions used for malvertising 23

  24. 24

  25. 25

  26. Nigelify 26

  27. Nigelify Link 27

  28. Nigelify Extension Link 28

  29. Nigelify Extension Link Credentials 29

  30. Nigelify Extension Link Credentials 30

  31. Nigelify Extension Link Resources Credentials 31

  32. Nigelify ● Made $1000 in < 1 week 32

  33. Nigelify ● Made $1000 in < 1 week ● Affected 100k+ users 33

  34. Nigelify ● Made $1000 in < 1 week ● Affected 100k+ users ● Prevented users from removing extension 34

  35. 35

  36. Added users to botnet 36

  37. Part of malvertising campaign 37

  38. Analyzing the threat surface of Chrome’s extension APIs 38

  39. Chrome ● Designed with security in mind ● Isolation, separation of privilege 1 39 1 Barth, Adam, et al. "Protecting browsers from extension vulnerabilities." (2010).

  40. Chrome Extension Architecture runtime.sendMessage 40

  41. Manifests "background": { ● Structure of extension "persistent": false, explicitly declared "scripts": [ "js/background.js" ] }, "content_scripts": [ { ● Permissions enumerated "js": [ "js/content.js"] "matches": ["*://*.foo.com"], "run_at": "document_start" }], "permissions": ["bookmarks"] 41

  42. Weaknesses of Permission Model ● While limited by sandboxing/isolation, malicious developers may not adhere to “principle of least privilege” 42

  43. Analyzing the Chrome APIs ● Inspect the APIs in each permission group 43

  44. Analyzing the Chrome APIs 44

  45. Analyzing the Chrome APIs ● Primary objectives of malicious extension ○ Data exfiltration ○ Website tampering ○ Phishing 45

  46. Analyzing the Chrome APIs ● CIA Triad: Confidentiality, Integrity, Availability 46

  47. Analyzing the Chrome APIs ● CIA Triad: Confidentiality, Integrity, Availability ● Classify aligned to triad ○ Info disclosure ○ Phishing ○ State manipulation ○ Obfuscation 47

  48. Analysis 48

  49. Analysis ● Majority of APIs can be abused ● Different methods within same permission have different threat profiles 49

  50. Reverse-engineering a malicious extension 50

  51. Version History 51

  52. Malicious buyout ● Rather than phish developer, outright buy an extension 52

  53. Malicious buyout ● Rather than phish developer, outright buy an extension 53 https://portswigger.net/daily-swig/when-browser-extensions-go-rogue

  54. Why so many users? ● Possibly ranked high in google search? ● Are all installs legitimate? 54

  55. Permissions Nothing too abnormal... 55

  56. Suspicious Obfuscation 56

  57. A seemingly benign jpeg 57

  58. Wait that’s not a jpeg... > file promo.jpg PNG image data, 1280 x 800, 8-bit/color RGBA, non-interlaced 58

  59. What’s in the alpha channel? 59

  60. Steganographic Obfuscation 60

  61. Takeaways? ● Limitations of static/dynamic analysis 61

  62. Takeaways? ● Limitations of static/dynamic analysis ● Permissions system has unnecessarily broad scope 62

  63. Takeaways? ● Limitations of static/dynamic analysis ● Permissions system has unnecessarily broad scope 63

  64. Mitigations to limit power of malicious extensions 64

  65. Mitigation: Fine-grained permissions ● Scope on method, not permission category ● Should not be able to update tabs if only need to refresh them 65

  66. Existing permissions "permissions": [ "tabs", "*://*.google.com/" ], 66

  67. Existing permissions "permissions": [ "tabs", "*://*.google.com/" ], Update existing tabs? Spawn new tabs? 67

  68. Wildcard Host Nothing too abnormal...? 68

  69. Scope network access ● Tie network host permission to parent permission "permissions": [ "permissions": [ "tabs", "tabs.executeScript" : { "*://*.google.com/" "*://*.google.com/" ], } ], 69

  70. Existing permissions "permissions": [ "tabs", "*://*.google.com/" ], Update existing tabs? Spawn new tabs? 70

  71. Revised permissions "permissions": [ "permissions": [ "tabs.executeScript" : { "tabs", "*://*.google.com/" "*://*.google.com/" } ], ], Read and manipulate your data on all google.com sites 71

  72. Backwards Compatibility ● Static analysis to transparently upgrade manifests ● Prevents obfuscated API calls 72

  73. Mitigation: Runtime Permissions 73

  74. Mitigation: Runtime Permissions ● Permission dialog every time an extension wants to run 74

  75. Today: Chrome Optional Permissions Feature 75

  76. Today: Chrome Optional Permissions Feature ● Requested additional permissions during runtime 76

  77. Today: Chrome Optional Permissions Feature ● Request additional permissions during runtime ● Better security and information to users 77

  78. Today: Chrome Optional Permissions Feature ● Requested additional permissions during runtime ● Better security and information to users 78

  79. Runtime Permission Dialog 79

  80. Runtime Permission Dialog Bookmarks Navigator requests 80

  81. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access 81

  82. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access Bookmarks enable easy access to your favorite sites 82

  83. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access Bookmarks enable easy access to your favorite sites We’ll ask for permission every time you open a new tab 83

  84. Runtime Permission Dialog Bookmarks Navigator requests Bookmarks access Bookmarks enable easy access to your favorite sites We’ll ask for permission every time you open a new tab Deny Grant 84

  85. Impact ● On developer ● On user 85

  86. Impact on Developer 86

  87. Under the Hood 87

  88. Permission Dialog Context ● Two ways to call a chrome.* API 88

  89. Rule-Based Triggers 89

  90. Logic Triggers 90

  91. Config Example { “Logic_triggers” : { “message.js:L32” : “You’ve clicked the set timer button in our extension on your navigation bar”, // More triggers } } 91

  92. Impact on User ● Usability / security tradeoff 92

  93. Usability ● Windows Vista UAC disaster 93

  94. Usability ● Windows Vista UAC disaster 94

  95. Usability ● Windows Vista UAC disaster ● Users’ skimming / not reading dialogs 95

  96. Usability Solutions 96

  97. Usability Solutions 97

  98. Usability Solutions ● Standardized dialog interface that conveys a sense of danger 98

  99. Usability Solutions ● Standardized dialog interface that conveys a sense of danger ● Conditioned-safe ceremony 99

  100. Evaluation: Mitigation Effectiveness ● User Agent Switcher: exfiltrates visited URLs and redirects users 100

Recommend

Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome

Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome

Chrome Extension Introduction Presenter: Jienan Liu Network, Intelligence &amp; security Lab What is Chrome Extension Extension Small software programs that can modify and enhance the functionality of the Chrome browser. Written

576 views • 18 slides
5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

Snagit for Google Chrome: Instructions IMPORTANT. You will need to be in Chrome and Not on Chrome for this app to work. (go to Chrome first, then go to whatever site you plan to screencast.) 1. Open Chrome, Type in Snagit for Chrome.

184 views • 3 slides
Security Architecture Presenter: Jienan Liu Network, Intelligence &amp; security Lab outline

Security Architecture Presenter: Jienan Liu Network, Intelligence &amp; security Lab outline

Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence &amp; security Lab outline Chrome extension introduction Threats towards extension Chrome extensions security architecture What is Chrome

348 views • 23 slides
A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome

A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome

A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome OS Speed Security - Verified boot Security - Reboot to recover Security for the internet age Current Operating Systems Chrome OS Apps have

424 views • 8 slides
Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing

Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing

Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing Imperial College London June 26, 2017 Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 1 / 31

561 views • 54 slides
Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome OS Chrome Graphics Buffer (Prime FD) Android IPC IPC Chrome IPC Binder System Bridge Bridge (*/init*) Input Events network config, GL,

296 views • 10 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language

Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language

Teaching Acknowledgement &amp; Permissions Acknowledgement &amp; Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the permission model working? Are users making good decisions? Most Popular Android App Demo App abusing permissions Demo explained Permissions:

819 views • 43 slides
Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Mller ETH Zurich Microsoft Research ETH Zurich Overview Verification of

436 views • 42 slides
Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b

Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b

Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b October 2012 2012 Luminant Corporate Safety David Friedman, CIH, MSPH, ARM Background Information Situation occurred at a lignite plant in Central

495 views • 25 slides
Revisiting the Oil Price Macro Relationship in the US The Role of Model Specification and

Revisiting the Oil Price Macro Relationship in the US The Role of Model Specification and

Revisiting the Oil Price Macro Relationship in the US The Role of Model Specification and Sample Period Erkal Ersoy Centre for Energy Economics Research and Policy Heriot-Watt University @ErkalErsoy e.ersoy@hw.ac.uk www.erkalersoy.co.uk

1.2k views • 105 slides
An extension of the NIG-S&amp;ARCH model with an application to Value at Risk Abstract A new

An extension of the NIG-S&amp;ARCH model with an application to Value at Risk Abstract A new

An extension of the NIG-S&amp;ARCH model with an application to Value at Risk Abstract A new model for conditional skewness and kurtosis based on the Normal Inverse Gaussian (NIG) distribution is proposed. The new model and two previously used

837 views • 55 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78

pNFS Access Permissions Check draft-faibish-nfsv4-pnfs-access-permissions-check-03.txt IETF 78 NFSv4 WG Meeting, July 28, 2010 Sorin Faibish sfaibish@emc.com David Black - EMC Mike Eisler - NetApp Jason Glasgow - Google Problem Statement

376 views • 6 slides
Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Linux Filesystem Hierarchy inodes Permissions Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Linux Multiuser and Server Operating System

195 views • 15 slides
Chrome OS Internals Josh Triplett josh@joshtriplett.org LinuxCon Europe 2014 Josh Triplett

Chrome OS Internals Josh Triplett josh@joshtriplett.org LinuxCon Europe 2014 Josh Triplett

Chrome OS Internals Josh Triplett josh@joshtriplett.org LinuxCon Europe 2014 Josh Triplett Chrome OS Internals LinuxCon Europe 2014 1 / 43 Overview Intro to Chrome OS Architecture of Chrome OS Verified boot and developer mode Security

1.39k views • 110 slides
Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila &amp; Boris Kpf IMDEA

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila &amp; Boris Kpf IMDEA

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila &amp; Boris Kpf IMDEA Software Institute About me Im Pepe @cgvwzq http://vwzq.net/ Some notes about Chrome Chrome was a blackbox for me. Its code base is immense.

622 views • 38 slides
Planning application LCC/2020/0018 Extension and restoration of quarry by means of infill with

Planning application LCC/2020/0018 Extension and restoration of quarry by means of infill with

Planning application LCC/2020/0018 Extension and restoration of quarry by means of infill with inert construction, demolition and excavation waste together with ancillary activities, and the consolidation of existing planning permissions at

882 views • 19 slides
THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson

THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson

THESE ARENT THE PERMISSIONS YOURE LOOKING FOR Anthony Lineberry David Luke Richardson Tim Wyatt BlackHat USA 2010 AGENDA Android Internals Overview Security/Permission Model Why Ask For Permission When You Can Ask For

1.17k views • 87 slides
A logic model is A depiction of a program showing what the program will do and what it is

A logic model is A depiction of a program showing what the program will do and what it is

Developing a logic model University of Wisconsin - Extension, Cooperative Extension, Program Development and Evaluation University of Wisconsin - Extension, Cooperative Extension, Program Development and Evaluation A logic model is A

977 views • 86 slides
Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style

Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style

Revisiting TESLA in the quantum random oracle model Selected history of Fiat-Shamir style signatures from LWE or SIS Lyubashevsky 2012 Sigs via Fiat-Shamir Bai-Galbraith BLISS 2013 Short sigs Optimized DBGGOPSS 2014 Improvements,

1.6k views • 43 slides
COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 1 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions Owners, Group Members, and Everyone Else Read, Writing, and Executing Digression: Number Systems chmod - Change

280 views • 14 slides
a C h r o m e b o o k t o o Maksim Lin Freelance Android &amp; Chrome App Developer

a C h r o m e b o o k t o o Maksim Lin Freelance Android &amp; Chrome App Developer

Oh the things you could do if you had a C h r o m e b o o k t o o Maksim Lin Freelance Android &amp; Chrome App Developer www.manichord.com So what are Chromebooks, ChromeOS And Chrome (Packaged) Apps? Chromebooks (and

612 views • 28 slides

More recommend