A Model-Based Detection of Vulnerable and Malicious Browser Extensions

Abstract

Attacks such as XSS and SQL injections are still common in browser extensions due to the presence of potential vulnerabilities in extensions and some extensions are also malicious by design. As a consequence, much effort in the past has been spent on detecting vulnerable and malicious browser extensions. These techniques are limited to only detect either new forms of vulnerable or malicious extensions but not both. In this paper, we present a model-based approach to detect vulnerable and malicious browser extensions by widening and complementing existing techniques. We observe and utilize various common and distinguishing characteristics of benign, vulnerable, and malicious extensions to build our detection models. The models are well trained using a set of features extracted from a number of widely used browser extensions together with user supplied specifications. We implemented the approach for Mozilla Firefox extensions and evaluated it in a number of browser extensions. Our evaluation indicates that the approach not only detects known vulnerable and malicious extensions, but also identifies previously undetected extensions with a negligible performance overhead.