DEF CON 29 - Barak Sternberg - Extension Land: Exploits and Rootkits in Your Browser Extensions
HTML-код
- Опубликовано: 12 сен 2024
- Browser extensions are installed anywhere, they serve as an integral part of our day-to-day web routine, from AdBlockers to Auto-Translators. But - do we know what is running inside of them? Do we know what goes deep-down inside their communication routines? How do they use their internal API’s? And how do their different JS execution contexts work?
In this session, I will explore these unique internal extension API’s, hidden attack-surfaces and show how these concepts can be broken & exploited using new ways! I start showing how an attacker can "jump" from one low-permissions chrome-app/extension to another, hence elevating its permissions. Then, I will show how to gain full "browser-persistency" inside extensions' background-scripts context.
Chaining it all together, I show how attacker, starting from low permissions chrome-app, gains a fully-armed "extension-rootkit", a persistent JS-malware running inside of a “good” extension, along with C&C features, JS injection techniques to any tab/origin, obfuscation-techniques and more. Eventually, I will present a generic technique, targeting all chrome-users, for taking over any previously installed chrome extension and implant an "extension-rootkit" in it.
REFERENCES:
[1] Chrome Developers: Chrome extensions API Reference, developer.chro...
[2] Chrome Developers: Chrome extensions Manfiest v2/v3 Security References, developer.chro... & developer.chro...
[3] "Websites Can Exploit Browser Extensions to Steal User Data", 2019 - www.securitywe... / www-sop.inria....
[4] "Web Browser Extension User-Script XSS Vulnerabilities", 2020 - ieeexplore.iee...
[5] "Detecting DOM-Sourced Cross-Site Scripting in Browser Extensions", 2017 - ieeexplore.iee...
[6] "Attacking browser extensions", Nicolas Golubovic, 2016 - golubovic.net/...
[7] "A Combined Static and Dynamic Analysis Approach to Detect Malicious Browser Extensions", 2018 - www.hindawi.co...
[8] "Chrome Extensions: Threat Analysis and Countermeasures", 2012 - citeseerx.ist....
[9] "Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies", Usenix Security 2017 - www.usenix.org...
[10] "Protecting Browsers from Extension Vulnerabilities", 2010 - static.googleu...
