{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T02:21:01Z","timestamp":1771467661171,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,13]],"date-time":"2024-05-13T00:00:00Z","timestamp":1715558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Facebook","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Nvidia","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-1942014, CNS-2003129, CNS-2247381"],"award-info":[{"award-number":["CNS-1942014, CNS-2003129, CNS-2247381"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Google","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,13]]},"DOI":"10.1145\/3589334.3645683","type":"proceedings-article","created":{"date-parts":[[2024,5,8]],"date-time":"2024-05-08T07:08:13Z","timestamp":1715152093000},"page":"1283-1294","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Experimental Security Analysis of Sensitive Data Access by Browser Extensions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-7143-2892","authenticated-orcid":false,"given":"Asmit","family":"Nayak","sequence":"first","affiliation":[{"name":"University of Wisconsin - Madison, Madison, WI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3276-5764","authenticated-orcid":false,"given":"Rishabh","family":"Khandelwal","sequence":"additional","affiliation":[{"name":"University of Wisconsin - Madison, Madison, WI, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8593-2840","authenticated-orcid":false,"given":"Earlence","family":"Fernandes","sequence":"additional","affiliation":[{"name":"University of California, San Diego, San Diego, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4609-7691","authenticated-orcid":false,"given":"Kassem","family":"Fawaz","sequence":"additional","affiliation":[{"name":"University of Wisconsin - Madison, Madison, WI, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,5,13]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2963724"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997485"},{"key":"e_1_3_2_2_3_1","volume-title":"Adrienne Porter Felt, and David Wagner","author":"Carlini Nicholas","year":"2012","unstructured":"Nicholas Carlini, Adrienne Porter Felt, and David Wagner. 2012. An Evaluation of the Google Chrome Extension Security Architecture. (Aug. 2012), 97--111. https:\/\/www.usenix.org\/conference\/usenixsecurity12\/technical-sessions\/presentation\/carlini"},{"key":"e_1_3_2_2_4_1","unstructured":"Harrison Chase. 2022. LangChain. https:\/\/github.com\/langchain-ai\/langchain"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243823"},{"key":"e_1_3_2_2_6_1","volume-title":"Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser. (Aug","author":"DeKoven Louis F.","year":"2017","unstructured":"Louis F. DeKoven, Stefan Savage, Geoffrey M. Voelker, and Nektarios Leontiadis. 2017. Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser. (Aug. 2017). https:\/\/www.usenix.org\/conference\/cset17\/workshop-program\/presentation\/dekoven"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3477314.3507098"},{"key":"e_1_3_2_2_8_1","volume-title":"Complexity-based prompting for multi-step reasoning. arXiv preprint arXiv:2210.00720","author":"Fu Yao","year":"2022","unstructured":"Yao Fu, Hao Peng, Ashish Sabharwal, Peter Clark, and Tushar Khot. 2022. Complexity-based prompting for multi-step reasoning. arXiv preprint arXiv:2210.00720 (2022)."},{"key":"e_1_3_2_2_9_1","unstructured":"Google. 2023. Overview of Manifest V3. https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/intro\/mv3-overview\/."},{"key":"e_1_3_2_2_10_1","volume-title":"Verified Security for Browser Extensions. 2011 IEEE Symposium on Security and Privacy","author":"Guha Arjun","year":"2011","unstructured":"Arjun Guha, Matt Fredrikson, Benjamin Livshits, and Nikhil Swamy. 2011. Verified Security for Browser Extensions. 2011 IEEE Symposium on Security and Privacy (2011), 115--130."},{"key":"e_1_3_2_2_11_1","volume-title":"Hulk: Eliciting Malicious Behavior in Browser Extensions. (Aug.","author":"Kapravelos Alexandros","year":"2014","unstructured":"Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: Eliciting Malicious Behavior in Browser Extensions. (Aug. 2014), 641--654. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/kapravelos"},{"key":"e_1_3_2_2_12_1","volume-title":"CookieEnforcer: Automated Cookie Notice Analysis and Enforcement. ArXiv","author":"Khandelwal Rishabh","year":"2022","unstructured":"Rishabh Khandelwal, Asmit Nayak, Hamza Harkous, and Kassem Fawaz. 2022. CookieEnforcer: Automated Cookie Notice Analysis and Enforcement. ArXiv , Vol. abs\/2204.04221 (2022)."},{"key":"e_1_3_2_2_13_1","volume-title":"The measurement of observer agreement for categorical data. biometrics","author":"Richard Landis J","year":"1977","unstructured":"J Richard Landis and Gary G Koch. 1977. The measurement of observer agreement for categorical data. biometrics (1977), 159--174."},{"key":"e_1_3_2_2_14_1","volume-title":"The Hitchhiker's Guide to Program Analysis: A Journey with Large Language Models. arXiv preprint arXiv:2308.00245","author":"Li Haonan","year":"2023","unstructured":"Haonan Li, Yu Hao, Yizhuo Zhai, and Zhiyun Qian. 2023. The Hitchhiker's Guide to Program Analysis: A Journey with Large Language Models. arXiv preprint arXiv:2308.00245 (2023)."},{"key":"e_1_3_2_2_15_1","volume-title":"Chrome Extensions: Threat Analysis and Countermeasures. In Network and Distributed System Security Symposium.","author":"Liu Lei","year":"2012","unstructured":"Lei Liu, Xinwen Zhang, Guanhua Yan, and Songqing Chen. 2012. Chrome Extensions: Threat Analysis and Countermeasures. In Network and Distributed System Security Symposium."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0078-5"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCI46756.2018.00029"},{"key":"e_1_3_2_2_18_1","volume-title":"Rahul Krishna, Divya Sankar, Lambert Pouguem Wassi, Michele Merler, Boris Sobolev, Raju Pavuluri, Saurabh Sinha, and Reyhaneh Jabbarvand.","author":"Pan Rangeet","year":"2023","unstructured":"Rangeet Pan, Ali Reza Ibrahimzada, Rahul Krishna, Divya Sankar, Lambert Pouguem Wassi, Michele Merler, Boris Sobolev, Raju Pavuluri, Saurabh Sinha, and Reyhaneh Jabbarvand. 2023. Understanding the Effectiveness of Large Language Models in Code Translation. arXiv preprint arXiv:2308.03109 (2023)."},{"key":"e_1_3_2_2_19_1","volume-title":"Can Large Language Models Reason about Program Invariants?","author":"Pei Kexin","year":"2023","unstructured":"Kexin Pei, David Bieber, Kensen Shi, Charles Sutton, and Pengcheng Yin. 2023. Can Large Language Models Reason about Program Invariants? (2023)."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.3111249"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3501385.3543957"},{"key":"e_1_3_2_2_22_1","volume-title":"Adaptive test generation using a large language model. arXiv preprint arXiv:2302.06527","author":"Max","year":"2023","unstructured":"Max Sch\"afer, Sarah Nadi, Aryaz Eghbali, and Frank Tip. 2023. Adaptive test generation using a large language model. arXiv preprint arXiv:2302.06527 (2023)."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.06.005"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00058"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-019-00442-1"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","unstructured":"Gaurav Varshney Manoj Misra and Pradeep Atrey. 2017. Detecting Spying and Fraud Browser Extensions: Short Paper. 45--52. https:\/\/doi.org\/10.1145\/3137616.3137619","DOI":"10.1145\/3137616.3137619"},{"key":"e_1_3_2_2_27_1","volume-title":"Attention is all you need. Advances in neural information processing systems","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. Advances in neural information processing systems , Vol. 30 (2017)."},{"key":"e_1_3_2_2_28_1","volume-title":"2023 a. Software testing with large language model: Survey, landscape, and vision. arXiv preprint arXiv:2307.07221","author":"Wang Junjie","year":"2023","unstructured":"Junjie Wang, Yuchao Huang, Chunyang Chen, Zhe Liu, Song Wang, and Qing Wang. 2023 a. Software testing with large language model: Survey, landscape, and vision. arXiv preprint arXiv:2307.07221 (2023)."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","unstructured":"Jiangang Wang Xiaohong Li Xuhui Liu Xinshu Dong Junjie Wang Zhenkai Liang and Zhiyong Feng. 2012. An Empirical Study of Dangerous Behaviors in Firefox Extensions. 188--203. https:\/\/doi.org\/10.1007\/978--3--642--33383--5_12","DOI":"10.1007\/978--3--642--33383--5_12"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7087239"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7087239"},{"key":"e_1_3_2_2_32_1","volume-title":"Nghi DQ Bui, Junnan Li, and Steven CH Hoi. 2023 b. Codet5: Open code large language models for code understanding and generation. arXiv preprint arXiv:2305.07922","author":"Wang Yue","year":"2023","unstructured":"Yue Wang, Hung Le, Akhilesh Deepak Gotmare, Nghi DQ Bui, Junnan Li, and Steven CH Hoi. 2023 b. Codet5: Open code large language models for code understanding and generation. arXiv preprint arXiv:2305.07922 (2023)."},{"key":"e_1_3_2_2_33_1","first-page":"24824","article-title":"Chain-of-thought prompting elicits reasoning in large language models","volume":"35","author":"Wei Jason","year":"2022","unstructured":"Jason Wei, Xuezhi Wang, Dale Schuurmans, Maarten Bosma, Fei Xia, Ed Chi, Quoc V Le, Denny Zhou, et al. 2022. Chain-of-thought prompting elicits reasoning in large language models. Advances in Neural Information Processing Systems , Vol. 35 (2022), 24824--24837.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_2_34_1","volume-title":"LmPa: Improving Decompilation by Synergy of Large Language Model and Program Analysis. arXiv preprint arXiv:2306.02546","author":"Xu Xiangzhe","year":"2023","unstructured":"Xiangzhe Xu, Zhuo Zhang, Shiwei Feng, Yapeng Ye, Zian Su, Nan Jiang, Siyuan Cheng, Lin Tan, and Xiangyu Zhang. 2023. LmPa: Improving Decompilation by Synergy of Large Language Model and Program Analysis. arXiv preprint arXiv:2306.02546 (2023)."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","unstructured":"Rui Zhao Chuan Yue and Qing Yi. 2015. Automatic Detection of Information Leakage Vulnerabilities in Browser Extensions. In Proceedings of the 24th International Conference on World Wide Web (Florence Italy) (WWW '15). International World Wide Web Conferences Steering Committee Republic and Canton of Geneva CHE 1384--1394. https:\/\/doi.org\/10.1145\/2736277.2741134","DOI":"10.1145\/2736277.2741134"},{"key":"e_1_3_2_2_36_1","unstructured":"Wayne Xin Zhao Kun Zhou Junyi Li Tianyi Tang Xiaolei Wang Yupeng Hou Yingqian Min Beichen Zhang Junjie Zhang Zican Dong et al. 2023. A survey of large language models. arXiv preprint arXiv:2303.18223 (2023). io"}],"event":{"name":"WWW '24: The ACM Web Conference 2024","location":"Singapore Singapore","acronym":"WWW '24","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2024"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645683","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589334.3645683","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:30:07Z","timestamp":1755822607000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645683"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,13]]},"references-count":36,"alternative-id":["10.1145\/3589334.3645683","10.1145\/3589334"],"URL":"https:\/\/doi.org\/10.1145\/3589334.3645683","relation":{},"subject":[],"published":{"date-parts":[[2024,5,13]]},"assertion":[{"value":"2024-05-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}