{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T22:46:33Z","timestamp":1771541193327,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560685","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"23-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Helping or Hindering?"],"prefix":"10.1145","author":[{"given":"Shubham","family":"Agarwal","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2022. Black Canary Code. https:\/\/github.com\/shubh401\/black_canary.git  2022. Black Canary Code. https:\/\/github.com\/shubh401\/black_canary.git"},{"key":"e_1_3_2_1_2_1","unstructured":"Shubham Agarwal and Ben Stock. 2021a. Critical errors in our recent MADweb paper. https:\/\/swag.cispa.saarland\/default\/2021\/07\/19\/madweb-headers.html  Shubham Agarwal and Ben Stock. 2021a. Critical errors in our recent MADweb paper. https:\/\/swag.cispa.saarland\/default\/2021\/07\/19\/madweb-headers.html"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2021.23016"},{"key":"e_1_3_2_1_4_1","volume-title":"I spy with my little eye: Analysis and detection of spying browser extensions","author":"Aggarwal Anupama","unstructured":"Anupama Aggarwal , Bimal Viswanath , Liang Zhang , Saravana Kumar , Ayush Shah , and Ponnurangam Kumaraguru . 2018. I spy with my little eye: Analysis and detection of spying browser extensions . In IEEE Euro S &P. Anupama Aggarwal, Bimal Viswanath, Liang Zhang, Saravana Kumar, Ayush Shah, and Ponnurangam Kumaraguru. 2018. I spy with my little eye: Analysis and detection of spying browser extensions. In IEEE Euro S&P."},{"key":"e_1_3_2_1_5_1","volume-title":"VEX: Vetting Browser Extensions for Security Vulnerabilities.. In USENIX Security.","author":"Bandhakavi Sruthi","year":"2010","unstructured":"Sruthi Bandhakavi , Samuel T King , Parthasarathy Madhusudan , and Marianne Winslett . 2010 . VEX: Vetting Browser Extensions for Security Vulnerabilities.. In USENIX Security. Sruthi Bandhakavi, Samuel T King, Parthasarathy Madhusudan, and Marianne Winslett. 2010. VEX: Vetting Browser Extensions for Security Vulnerabilities.. In USENIX Security."},{"key":"e_1_3_2_1_6_1","volume-title":"Prateek Saxena, and Aaron Boodman.","author":"Barth Adam","year":"2010","unstructured":"Adam Barth , Adrienne Porter Felt , Prateek Saxena, and Aaron Boodman. 2010 . Protecting browsers from extension vulnerabilities. In NDSS. Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman. 2010. Protecting browsers from extension vulnerabilities. In NDSS."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997485"},{"key":"e_1_3_2_1_8_1","unstructured":"Opera Blogs. 2021. Using Chrome Extensions in Opera. https:\/\/blogs.opera.com\/tips-and-tricks\/2021\/10\/using-addons-from-chrome-in-opera\/  Opera Blogs. 2021. Using Chrome Extensions in Opera. https:\/\/blogs.opera.com\/tips-and-tricks\/2021\/10\/using-addons-from-chrome-in-opera\/"},{"key":"e_1_3_2_1_9_1","unstructured":"Mallory Bowes-Brown. 2021. Chrome Malicious Extension Listing. https:\/\/github.com\/mallorybowes\/chrome-mal-ids  Mallory Bowes-Brown. 2021. Chrome Malicious Extension Listing. https:\/\/github.com\/mallorybowes\/chrome-mal-ids"},{"key":"e_1_3_2_1_10_1","unstructured":"Stefano Calzavara Sebastian Roth Alvise Rabitti Michael Backes and Ben Stock. 2020. A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web. In USENIX Security.  Stefano Calzavara Sebastian Roth Alvise Rabitti Michael Backes and Ben Stock. 2020. A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web. In USENIX Security."},{"key":"e_1_3_2_1_11_1","volume-title":"Adrienne Porter Felt, and David Wagner","author":"Carlini Nicholas","year":"2012","unstructured":"Nicholas Carlini , Adrienne Porter Felt, and David Wagner . 2012 . An Evaluation of the Google Chrome Extension Security Architecture. In USENIX Security . Nicholas Carlini, Adrienne Porter Felt, and David Wagner. 2012. An Evaluation of the Google Chrome Extension Security Architecture. In USENIX Security."},{"key":"e_1_3_2_1_12_1","volume-title":"Mystique: Uncovering Information Leakage from Browser Extensions. In ACM CCS.","author":"Chen Quan","year":"2018","unstructured":"Quan Chen and Alexandros Kapravelos . 2018 . Mystique: Uncovering Information Leakage from Browser Extensions. In ACM CCS. Quan Chen and Alexandros Kapravelos. 2018. Mystique: Uncovering Information Leakage from Browser Extensions. In ACM CCS."},{"key":"e_1_3_2_1_13_1","unstructured":"Chrome Developers. 2012. Declare permissions. https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/declare_permissions\/#host-permissions  Chrome Developers. 2012. Declare permissions. https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/declare_permissions\/#host-permissions"},{"key":"e_1_3_2_1_14_1","unstructured":"Chrome Developers. 2017. Chrome DevTools Protocol. https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/match_patterns\/  Chrome Developers. 2017. Chrome DevTools Protocol. https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/match_patterns\/"},{"key":"e_1_3_2_1_15_1","unstructured":"Chrome Developers. 2020. chrome.activeTab. https:\/\/developer.chrome.com\/extensions\/activeTab  Chrome Developers. 2020. chrome.activeTab. https:\/\/developer.chrome.com\/extensions\/activeTab"},{"key":"e_1_3_2_1_16_1","unstructured":"Chrome Developers. 2020a. Match Patterns. https:\/\/developer.chrome.com\/extensions\/match_patterns  Chrome Developers. 2020a. Match Patterns. https:\/\/developer.chrome.com\/extensions\/match_patterns"},{"key":"e_1_3_2_1_17_1","unstructured":"Chrome Developers. 2020b. Methods. https:\/\/3-72-0-dot-chrome-apps-doc.appspot.com\/extensions\/declarativeNetRequest#method-updateDynamicRules  Chrome Developers. 2020b. Methods. https:\/\/3-72-0-dot-chrome-apps-doc.appspot.com\/extensions\/declarativeNetRequest#method-updateDynamicRules"},{"key":"e_1_3_2_1_18_1","unstructured":"Chrome Developers. 2020c. Puppeteer. https:\/\/developers.google.com\/web\/tools\/puppeteer  Chrome Developers. 2020c. Puppeteer. https:\/\/developers.google.com\/web\/tools\/puppeteer"},{"key":"e_1_3_2_1_19_1","unstructured":"Chrome Developers. 2020. webRequest. https:\/\/developer.chrome.com\/extensions\/webRequest  Chrome Developers. 2020. webRequest. https:\/\/developer.chrome.com\/extensions\/webRequest"},{"key":"e_1_3_2_1_20_1","unstructured":"Chrome Developers. 2022. Sitemap - Chrome Extensions. https:\/\/chrome.google.com\/webstore\/sitemap  Chrome Developers. 2022. Sitemap - Chrome Extensions. https:\/\/chrome.google.com\/webstore\/sitemap"},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security Workshop on Cyber Security Experimentation and Test.","author":"DeKoven Louis F.","year":"2017","unstructured":"Louis F. DeKoven , Stefan Savage , Geoffrey M. Voelker , and Nektarios Leontiadis . 2017 . Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser . In USENIX Security Workshop on Cyber Security Experimentation and Test. Louis F. DeKoven, Stefan Savage, Geoffrey M. Voelker, and Nektarios Leontiadis. 2017. Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser. In USENIX Security Workshop on Cyber Security Experimentation and Test."},{"key":"e_1_3_2_1_22_1","unstructured":"Chrome Developers. 2021. Manifest v3 : Web Request Changes. https:\/\/groups.google.com\/a\/chromium.org\/g\/chromium-extensions\/c\/veJy9uAwS00\/m\/9iKaX5giAQAJ  Chrome Developers. 2021. Manifest v3 : Web Request Changes. https:\/\/groups.google.com\/a\/chromium.org\/g\/chromium-extensions\/c\/veJy9uAwS00\/m\/9iKaX5giAQAJ"},{"key":"e_1_3_2_1_23_1","volume-title":"CORSICA: Cross-Origin Web Service Identification. In ACM ASIA CCS.","author":"Dresen Christian","year":"2020","unstructured":"Christian Dresen , Fabian Ising , Damian Poddebniak , Tobias Kappert , Thorsten Holz , and Sebastian Schinzel . 2020 . CORSICA: Cross-Origin Web Service Identification. In ACM ASIA CCS. Christian Dresen, Fabian Ising, Damian Poddebniak, Tobias Kappert, Thorsten Holz, and Sebastian Schinzel. 2020. CORSICA: Cross-Origin Web Service Identification. In ACM ASIA CCS."},{"key":"e_1_3_2_1_24_1","volume-title":"Michael Backes, and Ben Stock.","author":"Fass Aurore","year":"2021","unstructured":"Aurore Fass , Doli\u00e8re Francis Som\u00e9 , Michael Backes, and Ben Stock. 2021 . DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale. In ACM CCS. Aurore Fass, Doli\u00e8re Francis Som\u00e9, Michael Backes, and Ben Stock. 2021. DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale. In ACM CCS."},{"key":"e_1_3_2_1_25_1","unstructured":"Adrienne Porter Felt Richard Barnes April King Chris Palmer Chris Bentzel and Parisa Tabriz. 2017. Measuring HTTPS adoption on the web. In USENIX Security.  Adrienne Porter Felt Richard Barnes April King Chris Palmer Chris Bentzel and Parisa Tabriz. 2017. Measuring HTTPS adoption on the web. In USENIX Security."},{"key":"e_1_3_2_1_26_1","unstructured":"Google. 2018. Chromium Blog. https:\/\/blog.chromium.org\/2018\/10\/trustworthy-chrome-extensions-by-default.html  Google. 2018. Chromium Blog. https:\/\/blog.chromium.org\/2018\/10\/trustworthy-chrome-extensions-by-default.html"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_14"},{"key":"e_1_3_2_1_28_1","unstructured":"IETF. 2012. HTTP Strict Transport Security (HSTS). https:\/\/tools.ietf.org\/html\/rfc6797  IETF. 2012. HTTP Strict Transport Security (HSTS). https:\/\/tools.ietf.org\/html\/rfc6797"},{"key":"e_1_3_2_1_29_1","unstructured":"IETF. 2013. HTTP Header Field X-Frame-Options. https:\/\/tools.ietf.org\/rfc\/rfc7034  IETF. 2013. HTTP Header Field X-Frame-Options. https:\/\/tools.ietf.org\/rfc\/rfc7034"},{"key":"e_1_3_2_1_30_1","unstructured":"IETF. 2016. Initial Assignment for the Content Security Policy Directives Registry. https:\/\/tools.ietf.org\/html\/rfc7762  IETF. 2016. Initial Assignment for the Content Security Policy Directives Registry. https:\/\/tools.ietf.org\/html\/rfc7762"},{"key":"e_1_3_2_1_31_1","unstructured":"Apple Inc. 2022. Converting a Web Extension for Safari. https:\/\/developer.apple.com\/documentation\/safariservices\/safari_web_extensions\/converting_a_web_extension_for_safari  Apple Inc. 2022. Converting a Web Extension for Safari. https:\/\/developer.apple.com\/documentation\/safariservices\/safari_web_extensions\/converting_a_web_extension_for_safari"},{"key":"e_1_3_2_1_32_1","volume-title":"Moheeb Abu Rajab, and Kurt Thomas","author":"Jagpal Nav","year":"2015","unstructured":"Nav Jagpal , Eric Dingle , Jean-Philippe Gravel , Panayiotis Mavrommatis , Niels Provos , Moheeb Abu Rajab, and Kurt Thomas . 2015 . Trends and lessons from three years fighting malicious extensions. In USENIX Security . Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, and Kurt Thomas. 2015. Trends and lessons from three years fighting malicious extensions. In USENIX Security."},{"key":"e_1_3_2_1_33_1","volume-title":"Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security.","author":"Kapravelos Alexandros","year":"2014","unstructured":"Alexandros Kapravelos , Chris Grier , Neha Chachra , Christopher Kruegel , Giovanni Vigna , and Vern Paxson . 2014 . Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security. Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security."},{"key":"e_1_3_2_1_34_1","unstructured":"Ravie Lakshmanan. 2021. Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions. https:\/\/thehackernews.com\/2021\/02\/over-dozen-chrome-extensions-caught.html. Accessed on 2021-04-27.  Ravie Lakshmanan. 2021. Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions. https:\/\/thehackernews.com\/2021\/02\/over-dozen-chrome-extensions-caught.html. Accessed on 2021-04-27."},{"key":"e_1_3_2_1_35_1","unstructured":"Microsoft. 2022. Overview and timelines for migrating to Manifest V3. https:\/\/docs.microsoft.com\/en-us\/microsoft-edge\/extensions-chromium\/developer-guide\/manifest-v3  Microsoft. 2022. Overview and timelines for migrating to Manifest V3. https:\/\/docs.microsoft.com\/en-us\/microsoft-edge\/extensions-chromium\/developer-guide\/manifest-v3"},{"key":"e_1_3_2_1_36_1","unstructured":"Mozilla. 2021. mozilla\/web-ext. https:\/\/github.com\/mozilla\/web-ext  Mozilla. 2021. mozilla\/web-ext. https:\/\/github.com\/mozilla\/web-ext"},{"key":"e_1_3_2_1_37_1","unstructured":"Mozilla Add-ons Community Blog. 2019. Add-on Policy and Process Updates. https:\/\/blog.mozilla.org\/addons\/2019\/05\/02\/add-on-policy-and-process-updates\/  Mozilla Add-ons Community Blog. 2019. Add-on Policy and Process Updates. https:\/\/blog.mozilla.org\/addons\/2019\/05\/02\/add-on-policy-and-process-updates\/"},{"key":"e_1_3_2_1_38_1","unstructured":"Mozilla Developer Network. 2012. XMLHttpRequest. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/XMLH ttpRequest  Mozilla Developer Network. 2012. XMLHttpRequest. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API\/XMLH ttpRequest"},{"key":"e_1_3_2_1_39_1","unstructured":"Mozilla Developer Network. 2021. Cross-Origin-Embedder-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Cross-Origin-Embedder-Policy  Mozilla Developer Network. 2021. Cross-Origin-Embedder-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Cross-Origin-Embedder-Policy"},{"key":"e_1_3_2_1_40_1","unstructured":"Mozilla Developer Network. 2021. Cross-Origin-Opener-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Cross-Origin-Opener-Policy  Mozilla Developer Network. 2021. Cross-Origin-Opener-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Cross-Origin-Opener-Policy"},{"key":"e_1_3_2_1_41_1","unstructured":"Mozilla Developer Network. 2021. Cross-Origin-Resource-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Cross-Origin_Resource_Policy_(CORP)  Mozilla Developer Network. 2021. Cross-Origin-Resource-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Cross-Origin_Resource_Policy_(CORP)"},{"key":"e_1_3_2_1_42_1","unstructured":"Mozilla Developer Network. 2021. Cross-Origin Resource Sharing (CORS). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CORS  Mozilla Developer Network. 2021. Cross-Origin Resource Sharing (CORS). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/CORS"},{"key":"e_1_3_2_1_43_1","unstructured":"Mozilla Developer Network. 2021. Referrer-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Referrer-Policy  Mozilla Developer Network. 2021. Referrer-Policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Referrer-Policy"},{"key":"e_1_3_2_1_44_1","unstructured":"Mozilla Developer Network. 2022. Manifest v3 in Firefox: Recap & Next Steps. https:\/\/blog.mozilla.org\/addons\/2022\/05\/18\/manifest-v3-in-firefox-recap-next-steps\/  Mozilla Developer Network. 2022. Manifest v3 in Firefox: Recap & Next Steps. https:\/\/blog.mozilla.org\/addons\/2022\/05\/18\/manifest-v3-in-firefox-recap-next-steps\/"},{"key":"e_1_3_2_1_45_1","unstructured":"Mozilla Developer Network. 2022. Sitemap - Firefox Extensions. https:\/\/addons.mozilla.org\/api\/v5\/addons\/search\/?app=firefox&type=extension  Mozilla Developer Network. 2022. Sitemap - Firefox Extensions. https:\/\/addons.mozilla.org\/api\/v5\/addons\/search\/?app=firefox&type=extension"},{"key":"e_1_3_2_1_46_1","volume-title":"Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting","author":"Nikiforakis N.","year":"2013","unstructured":"N. Nikiforakis , A. Kapravelos , W. Joosen , C. Kruegel , F. Piessens , and G. Vigna . 2013 . Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting . In IEEE S &P. N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. 2013. Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting. In IEEE S&P."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Nikolaos Pantelaios Nick Nikiforakis and Alexandros Kapravelos. 2020. You've Changed: Detecting Malicious Browser Extensions through Their Update Deltas. In ACM CCS.  Nikolaos Pantelaios Nick Nikiforakis and Alexandros Kapravelos. 2020. You've Changed: Detecting Malicious Browser Extensions through Their Update Deltas. In ACM CCS.","DOI":"10.1145\/3372297.3423343"},{"key":"e_1_3_2_1_48_1","volume-title":"Botnet in the browser: Understanding threats caused by malicious browser extensions","author":"Perrotta Raffaello","unstructured":"Raffaello Perrotta and Feng Hao . 2018. Botnet in the browser: Understanding threats caused by malicious browser extensions . In IEEE S &P. Raffaello Perrotta and Feng Hao. 2018. Botnet in the browser: Understanding threats caused by malicious browser extensions. In IEEE S&P."},{"key":"e_1_3_2_1_49_1","unstructured":"Sebastian Roth Timothy Barron Stefano Calzavara Nick Nikiforakis and Ben Stock. 2020. Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies.. In NDSS.  Sebastian Roth Timothy Barron Stefano Calzavara Nick Nikiforakis and Ben Stock. 2020. Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies.. In NDSS."},{"key":"e_1_3_2_1_50_1","unstructured":"Sebastian Roth Stefano Calzavara Moritz Wilhelm Alvise Rabitti and Ben Stock. 2022. The Security Lottery: Measuring Client-Side Web Security Inconsistencies. In USENIX Security.  Sebastian Roth Stefano Calzavara Moritz Wilhelm Alvise Rabitti and Ben Stock. 2022. The Security Lottery: Measuring Client-Side Web Security Inconsistencies. In USENIX Security."},{"key":"e_1_3_2_1_51_1","unstructured":"Konstantinos Solomos Panagiotis Ilia Soroush Karami Nick Nikiforakis and Jason Polakis. 2022. The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions. In USENIX Security.  Konstantinos Solomos Panagiotis Ilia Soroush Karami Nick Nikiforakis and Jason Polakis. 2022. The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions. In USENIX Security."},{"key":"e_1_3_2_1_52_1","volume-title":"Empoweb: empowering web applications with browser extensions","author":"Som\u00e9 Doli\u00e8re Francis","unstructured":"Doli\u00e8re Francis Som\u00e9 . 2019. Empoweb: empowering web applications with browser extensions . In IEEE S &P. Doli\u00e8re Francis Som\u00e9. 2019. Empoweb: empowering web applications with browser extensions. In IEEE S&P."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Avinash Sudhodanan Soheil Khodayari and Juan Caballero. 2020. Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks. In NDSS.  Avinash Sudhodanan Soheil Khodayari and Juan Caballero. 2020. Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks. In NDSS.","DOI":"10.14722\/ndss.2020.24278"},{"key":"e_1_3_2_1_54_1","unstructured":"Microsoft Edge Support. 2021. Add turn off or remove extensions in Microsoft Edge. https:\/\/support.microsoft.com\/en-us\/microsoft-edge\/add-turn-off-or-remove-extensions-in-microsoft-edge-9c0ec68c-2fbc-2f2c-9ff0-bdc76f46b026  Microsoft Edge Support. 2021. Add turn off or remove extensions in Microsoft Edge. https:\/\/support.microsoft.com\/en-us\/microsoft-edge\/add-turn-off-or-remove-extensions-in-microsoft-edge-9c0ec68c-2fbc-2f2c-9ff0-bdc76f46b026"},{"key":"e_1_3_2_1_55_1","volume-title":"Ad Injection at Scale: Assessing Deceptive Advertisement Modifications","author":"Thomas Kurt","unstructured":"Kurt Thomas , Elie Bursztein , Chris Grier , Grant Ho , Nav Jagpal , Alexandros Kapravelos , Damon Mccoy , Antonio Nappa , Vern Paxson , Paul Pearce , Niels Provos , and Moheeb Abu Rajab . 2015. Ad Injection at Scale: Assessing Deceptive Advertisement Modifications . In IEEE S &P. Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon Mccoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, and Moheeb Abu Rajab. 2015. Ad Injection at Scale: Assessing Deceptive Advertisement Modifications. In IEEE S&P."},{"key":"e_1_3_2_1_56_1","unstructured":"Erik Trickel Oleksii Starov Alexandros Kapravelos Nick Nikiforakis and Adam Doup\u00e9. 2019. Everyone is different: Client-side diversification for defending against extension fingerprinting. In USENIX Security.  Erik Trickel Oleksii Starov Alexandros Kapravelos Nick Nikiforakis and Adam Doup\u00e9. 2019. Everyone is different: Client-side diversification for defending against extension fingerprinting. In USENIX Security."},{"key":"e_1_3_2_1_57_1","unstructured":"W3C. 2017. Referrer Policy. https:\/\/www.w3.org\/TR\/referrer-policy\/  W3C. 2017. Referrer Policy. https:\/\/www.w3.org\/TR\/referrer-policy\/"},{"key":"e_1_3_2_1_58_1","unstructured":"W3C. 2020. Permissions Policy. https:\/\/www.w3.org\/TR\/permissions-policy-1\/  W3C. 2020. Permissions Policy. https:\/\/www.w3.org\/TR\/permissions-policy-1\/"},{"key":"e_1_3_2_1_59_1","unstructured":"W3C. 2021. Fetch Metadata Request Headers. https:\/\/www.w3.org\/TR\/fetch-metadata\/  W3C. 2021. Fetch Metadata Request Headers. https:\/\/www.w3.org\/TR\/fetch-metadata\/"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"crossref","unstructured":"Xinyu Xing Wei Meng Byoungyoung Lee Udi Weinsberg Anmol Sheth Roberto Perdisci and Wenke Lee. 2015. Understanding Malvertising Through Ad-Injecting Browser Extensions. In WWW.  Xinyu Xing Wei Meng Byoungyoung Lee Udi Weinsberg Anmol Sheth Roberto Perdisci and Wenke Lee. 2015. Understanding Malvertising Through Ad-Injecting Browser Extensions. In WWW.","DOI":"10.1145\/2736277.2741630"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560685","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560685","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:59Z","timestamp":1750182539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560685"}},"subtitle":["How Browser Extensions Undermine Security"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":60,"alternative-id":["10.1145\/3548606.3560685","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560685","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}