{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T22:04:16Z","timestamp":1766181856460,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,4,25]],"date-time":"2022-04-25T00:00:00Z","timestamp":1650844800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Knut and Alice Wallenberg Foundation"},{"name":"Swedish Research Council (VR)"},{"name":"Facebook"},{"name":"Swedish Foundation for Strategic Research (SSF)"},{"name":"Wallenberg AI, Autonomous Systems and Software Program (WASP)"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,4,25]]},"DOI":"10.1145\/3477314.3507098","type":"proceedings-article","created":{"date-parts":[[2022,5,7]],"date-time":"2022-05-07T00:37:36Z","timestamp":1651883856000},"page":"1694-1703","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Hardening the security analysis of browser extensions"],"prefix":"10.1145","author":[{"given":"Benjamin","family":"Eriksson","sequence":"first","affiliation":[{"name":"Chalmers University of Technology"}]},{"given":"Pablo","family":"Picazo-Sanchez","sequence":"additional","affiliation":[{"name":"Chalmers University of Technology"}]},{"given":"Andrei","family":"Sabelfeld","sequence":"additional","affiliation":[{"name":"Chalmers University of Technology"}]}],"member":"320","published-online":{"date-parts":[[2022,5,6]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"A. Aggarwal B. Viswanath L. Zhang S. Kumar A. Shah and P. Kumaraguru. 2018. I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions. In Euro S&P. 47--61.","DOI":"10.1109\/EuroSP.2018.00012"},{"key":"e_1_3_2_1_2_1","unstructured":"Apple. 2021. Messaging Between the App and JavaScript in a Safari Web Extension. https:\/\/developer.apple.com\/documentation\/safariservices\/safari_web_extensions\/messaging_between_the_app_and_javascript_in_a_safari_web_extension."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1995376.1995398"},{"key":"e_1_3_2_1_4_1","volume-title":"Prateek Saxena, and Aaron Boodman.","author":"Barth Adam","year":"2010","unstructured":"Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman. 2010. Protecting Browsers from Extension Vulnerabilities.. In NDSS."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"crossref","unstructured":"A. Barua M. Zulkernine and K. Weldemariam. 2013. Protecting Web Browser Extensions from JavaScript Injection Attacks. In ICECCS. 188--197.","DOI":"10.1109\/ICECCS.2013.36"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Lujo Bauer Shaoying Cai Limin Jia Timothy Passaro and Yuan Tian. 2014. Analyzing the dangers posed by Chrome extensions. In CNS . 184--192.","DOI":"10.1109\/CNS.2014.6997485"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Ahmet Salih Buyukkayhan Kaan Onarlioglu William K. Robertson and Engin Kirda. 2016. CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities. In NDSS.","DOI":"10.14722\/ndss.2016.23149"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"S. Calzavara M. Bugliesi S. Crafa and E. Steffinlongo. 2015. Fine-Grained Detection of Privilege Escalation Attacks on Browser Extensions. In PLAS.","DOI":"10.1007\/978-3-662-46669-8_21"},{"key":"e_1_3_2_1_9_1","volume-title":"Adrienne Porter Felt, and David Wagner","author":"Carlini Nicholas","year":"2012","unstructured":"Nicholas Carlini, Adrienne Porter Felt, and David Wagner. 2012. An Evaluation of the Google Chrome Extension Security Architecture.. In USENIX Sec. 97--111."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Wentao Chang and Songqing Chen. 2013. Defeat Information Leakage from Browser Extensions via Data Obfuscation. In ICICS. 33--48.","DOI":"10.1007\/978-3-319-02726-5_3"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","unstructured":"W. Chang and S. Chen. 2016. ExtensionGuard: Towards runtime browser extension information leakage detection. In CNS. 154--162.","DOI":"10.1109\/CNS.2016.7860481"},{"key":"e_1_3_2_1_12_1","volume-title":"Mystique: Uncovering Information Leakage from Browser Extensions. In CCS. 1687--1700.","author":"Chen Quan","year":"2018","unstructured":"Quan Chen and Alexandros Kapravelos. 2018. Mystique: Uncovering Information Leakage from Browser Extensions. In CCS. 1687--1700."},{"key":"e_1_3_2_1_13_1","unstructured":"Chrome. 2019. Content scripts. https:\/\/developer.chrome.com\/docs\/extensions\/mv2\/content_scripts\/."},{"key":"e_1_3_2_1_14_1","unstructured":"Chrome. 2020. Chrome extensions permission model. https:\/\/developer.chrome.com\/extensions\/declare_permissions."},{"key":"e_1_3_2_1_15_1","unstructured":"Google Chrome. 2020. Migrating to Manifest V3. https:\/\/developer.chrome.com\/extensions\/migrating_to_manifest_v3."},{"key":"e_1_3_2_1_16_1","unstructured":"crytpo-wallet-steal-2020 2020. Google Pulls 49 Cryptocurrency Wallet Browser Extensions Found Stealing Private Keys. https:\/\/news.bitcoin.com\/google-cryptocurrency-wallet-browser\/."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"M. Dhawan and V. Ganapathy. 2009. Analyzing Information Flow in JavaScript-Based Browser Extensions. In ACSAC. 382--391.","DOI":"10.1109\/ACSAC.2009.43"},{"key":"e_1_3_2_1_18_1","unstructured":"Firefox. 2020. Firefox extensions permission model. https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Add-ons\/WebExtensions\/manifest.json\/permissions."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","unstructured":"A. Guha M. Fredrikson B. Livshits and N. Swamy. 2011. Verified Security for Browser Extensions. In S&P. 115--130. 10.1109\/SP.2011.36","DOI":"10.1109\/SP.2011.36"},{"key":"e_1_3_2_1_20_1","unstructured":"Sam Jadali. 2019. DataSpii: The catastrophic data leak via browser extensions. https:\/\/securitywithsam.com\/2019\/07\/dataspii-leak-via-browser-extensions\/."},{"key":"e_1_3_2_1_21_1","unstructured":"N. Jagpal E. Dingle J.-P. Gravel P. Mavrommatis N. Provos M. Abu Rajab and K. Thomas. 2015. Trends and Lessons from Three Years Fighting Malicious Extensions. In USENIX Sec. 579--593."},{"key":"e_1_3_2_1_22_1","volume-title":"Hulk: Eliciting Malicious Behavior in Browser Extensions. In USENIX Sec. 641--654.","author":"Kapravelos A.","year":"2014","unstructured":"A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna, and V. Paxson. 2014. Hulk: Eliciting Malicious Behavior in Browser Extensions. In USENIX Sec. 641--654."},{"key":"e_1_3_2_1_23_1","volume-title":"Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting. In NDSS.","author":"Karami Soroush","year":"2020","unstructured":"Soroush Karami, Panagiotis Ilia, Konstantinos Solomos, and Jason Polakis. 2020. Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting. In NDSS."},{"key":"e_1_3_2_1_24_1","unstructured":"Jesse Kornblum. 2021. ssdeep - Fuzzy hashing program. https:\/\/ssdeep-project.github.io\/ssdeep\/."},{"key":"e_1_3_2_1_25_1","unstructured":"Pierre Laperdrix Oleksii Starov Quan Chen Alexandros Kapravelos and Nick Nikiforakis. 2021. Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets. In USENIX Sec."},{"key":"e_1_3_2_1_26_1","unstructured":"Zhiwei Li Warren He Devdatta Akhawe and Dawn Song. 2014. The Emperor's New Password Manager: Security Analysis of Web-based Password Managers. In USENIX Sec."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Xu Lin Panagiotis Ilia and Jason Polakis. 2020. Fill in the Blanks: Empirical Analysis of the Privacy Threats of Browser Form Autofill. In CCS.","DOI":"10.1145\/3372297.3417271"},{"key":"e_1_3_2_1_28_1","volume-title":"Chrome Extensions: Threat Analysis and Countermeasures.. In NDSS.","author":"Liu Lei","year":"2012","unstructured":"Lei Liu, Xinwen Zhang, Guanhua Yan, Songqing Chen, et al. 2012. Chrome Extensions: Threat Analysis and Countermeasures.. In NDSS."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Nikolaos Pantelaios Nick Nikiforakis and Alexandros Kapravelos. 2020. You've Changed: Detecting Malicious Browser Extensions through Their Update Deltas. In CCS. 477--491.","DOI":"10.1145\/3372297.3423343"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5220\/0010900600003120"},{"key":"e_1_3_2_1_31_1","unstructured":"puppeteer. 2021. puppeteer. https:\/\/github.com\/puppeteer\/puppeteer."},{"key":"e_1_3_2_1_32_1","unstructured":"Reuters. 2020. Exclusive: Massive spying on users of Google's Chrome shows new security weakness. https:\/\/www.reuters.com\/article\/us-alphabet-google-chrome-exclusive\/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.09.003"},{"key":"e_1_3_2_1_34_1","volume-title":"Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. In USENIX Sec.","author":"S\u00e1nchez-Rola I.","year":"2017","unstructured":"I. S\u00e1nchez-Rola, I. Santos, and D. Balzarotti. 2017. Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. In USENIX Sec."},{"key":"e_1_3_2_1_35_1","volume-title":"Password Managers: Attacks and Defenses. In USENIX Sec. 449--464.","author":"Silver David","year":"2014","unstructured":"David Silver, Suman Jana, Dan Boneh, Eric Chen, and Collin Jackson. 2014. Password Managers: Attacks and Defenses. In USENIX Sec. 449--464."},{"key":"e_1_3_2_1_36_1","volume-title":"Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In NDSS.","author":"Sj\u00f6sten A.","year":"2019","unstructured":"A. Sj\u00f6sten, S. Van Acker, P. Picazo-Sanchez, and A. Sabelfeld. 2019. Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. In NDSS."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"D. F. Som\u00e9. 2019. EmPoWeb: Empowering Web Applications with Browser Extensions. In S&P. 227--245.","DOI":"10.1109\/SP.2019.00058"},{"key":"e_1_3_2_1_38_1","volume-title":"Unnecessarily Identifiable: Quantifying the Fingerprintability of Browser Extensions Due to Bloat. In WWW. 3244--3250.","author":"Starov Oleksii","year":"2019","unstructured":"Oleksii Starov, Pierre Laperdrix, Alexandros Kapravelos, and Nick Nikiforakis. 2019. Unnecessarily Identifiable: Quantifying the Fingerprintability of Browser Extensions Due to Bloat. In WWW. 3244--3250."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Oleksii Starov and Nick Nikiforakis. 2017. Extended Tracking Powers: Measuring the Privacy Diffusion Enabled by Browser Extensions. In WWW. 1481--1490.","DOI":"10.1145\/3038912.3052596"},{"key":"e_1_3_2_1_40_1","volume-title":"XHOUND: Quantifying the Fingerprintability of Browser Extensions. In S&P. 941--956.","author":"Starov O.","year":"2017","unstructured":"O. Starov and N. Nikiforakis. 2017. XHOUND: Quantifying the Fingerprintability of Browser Extensions. In S&P. 941--956."},{"key":"e_1_3_2_1_41_1","volume-title":"Jin Soon Lim, and V. N. Venkatakrishnan","author":"Louw Mike Ter","year":"2007","unstructured":"Mike Ter Louw, Jin Soon Lim, and V. N. Venkatakrishnan. 2007. Extensible Web Browser Security. In DIMVA. 1--19."},{"key":"e_1_3_2_1_42_1","unstructured":"usmedicalit. 2020. Another Chrome extension is stealing passwords. https:\/\/www.usmedicalit.com\/2018\/09\/18\/another-chrome-extension-is-stealing-passwords\/."},{"key":"e_1_3_2_1_43_1","unstructured":"vabr@chromium.org. 2016. Issue 636425: Value of Autofilled in-put[type=\"password\"] Shows in DOM as Empty. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=636425\/."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Mengfei Xie Jianming Fu Jia He Chenke Luo and Guojun Peng. 2020. JTaint: Finding Privacy-Leakage in Chrome Extensions. In ACISP. 563--583.","DOI":"10.1007\/978-3-030-55304-3_29"}],"event":{"name":"SAC '22: The 37th ACM\/SIGAPP Symposium on Applied Computing","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"],"location":"Virtual Event","acronym":"SAC '22"},"container-title":["Proceedings of the 37th ACM\/SIGAPP Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3477314.3507098","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3477314.3507098","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:31:28Z","timestamp":1750188688000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3477314.3507098"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,25]]},"references-count":44,"alternative-id":["10.1145\/3477314.3507098","10.1145\/3477314"],"URL":"https:\/\/doi.org\/10.1145\/3477314.3507098","relation":{},"subject":[],"published":{"date-parts":[[2022,4,25]]},"assertion":[{"value":"2022-05-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}