Delve into Malware on Browsers Finding related web content alterations between browser extensions
Examensarbete för masterexamen
Computer science – algorithms, languages and logic (MPALG), MSc
Becerra, Joel Moriana
Providing the possibility of installing extensions has become a must-have feature for all major browsers. Extensions allow users to enhance and customise the browser functionalities by, for example, modifying the appearance of the web pages, providing security suites or blocking ads. In this work, we make a first step towards monitoring web content alterations coming from extensions. In particular, we focus on the identification of relations between the mutations performed by different extensions. The study is motivated by the sequential and event-driven execution model running on web pages. That model entails that browser extensions can react to web content alterations performed by other extensions; hence, extensions have access to the data introduced by other extensions. We implement our prototype as a couple of logging extensions running on a modified version of Chromium. The approach relies on dynamic analysis of extensions and a simulation of a user surfing the web. Our system is capable of automatically detect web content alterations performed by extensions and identify the events that triggered them. We analyse the 150 most downloaded extensions from Chrome Web Store and characterise the most common alterations as well as the events that cause those mutations. Finally, although we did not detect direct relations between the extensions analysed, we discuss the alterations identified and the implications of the actual execution model.
Data- och informationsvetenskap , Computer and Information Science