Infected websites can now get hold of browser extension APIs to execute code inside the browser in order to steal sensitive information such as browsing history, bookmarks, and even user cookies.
The attacker can also seize the user’s active login sessions and access account information such as emails, social media profiles, and even professional credentials. Moreover, the same extension APIs can also be used to trigger the download of malicious files and store them on the user’s device to retrieve data later on.
Dolière Francis Somé, a researcher with the Université Côte d’Azur and with INRIA, a French researcher institute, made evidence of these types of attacks visible. Somé created a tool and tested over 78,000 Chrome, Firefox, and Opera extensions where he was able to identify 197 extensions that exposed internal extension API communication interfaces to web applications, giving malicious websites a direct avenue to the data stored inside a user's browser – the data that could not be obtained without proper permission.
Even the French researcher was surprised at the results and confirmed that only 15 of the 197 extensions belonged to the developer.
Moreover, he revealed that around 55 percent of the vulnerable extensions had fewer than 1,000 installs, but over 15 percent had over 10,000.
Chrome also acknowledged the problem and is working along with the researcher to take appropriate actions for the same.
The researcher has also created a tool that allows users to check if their extension contains vulnerable API’s. The web-based tool can be found here and users can copy-paste the content of an extensions manifest.json file to make it functional.
Photo: Rawpixel
Read more cyber security news here.
The attacker can also seize the user’s active login sessions and access account information such as emails, social media profiles, and even professional credentials. Moreover, the same extension APIs can also be used to trigger the download of malicious files and store them on the user’s device to retrieve data later on.
Dolière Francis Somé, a researcher with the Université Côte d’Azur and with INRIA, a French researcher institute, made evidence of these types of attacks visible. Somé created a tool and tested over 78,000 Chrome, Firefox, and Opera extensions where he was able to identify 197 extensions that exposed internal extension API communication interfaces to web applications, giving malicious websites a direct avenue to the data stored inside a user's browser – the data that could not be obtained without proper permission.
Even the French researcher was surprised at the results and confirmed that only 15 of the 197 extensions belonged to the developer.
Moreover, he revealed that around 55 percent of the vulnerable extensions had fewer than 1,000 installs, but over 15 percent had over 10,000.
Related: ‘Affected’ Instagram Celebrities Hire Their Own Team of HackersAccording to Francis, the browser vendors have been notified regarding his findings. In fact, all vendors acknowledged his research while Firefox and Opera immediately got to work in removing the extensions.
Chrome also acknowledged the problem and is working along with the researcher to take appropriate actions for the same.
The researcher has also created a tool that allows users to check if their extension contains vulnerable API’s. The web-based tool can be found here and users can copy-paste the content of an extensions manifest.json file to make it functional.
Photo: Rawpixel
Read more cyber security news here.