{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T14:24:42Z","timestamp":1772893482229,"version":"3.50.1"},"reference-count":104,"publisher":"Association for Computing Machinery (ACM)","issue":"1","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Web"],"published-print":{"date-parts":[[2026,2,28]]},"abstract":"<jats:p>\n                    Google Chrome is the most popular Web browser. Users can customize it with\n                    <jats:italic toggle=\"yes\">extensions<\/jats:italic>\n                    that enhance their browsing experience. The most well-known marketplace of such extensions is the Chrome Web Store (CWS). Developers can upload their extensions on the CWS, but such extensions are made available to users only after a vetting process carried out by Google itself. Unfortunately, some\n                    <jats:italic toggle=\"yes\">malicious<\/jats:italic>\n                    extensions bypass such checks, putting the security and privacy of downstream browser extension users at risk.\n                  <\/jats:p>\n                  <jats:p>\n                    In this article, we carry out a comprehensive real-world security analysis of malicious extensions in the CWS. Specifically, we scrutinize the extent to which automated mechanisms reliant on supervised machine learning (ML) can be used to detect malicious extensions on the CWS. To this end, we first collect 7,140 malicious extensions published in 2017\u20132023 and which have been flagged as malicious by Google. We combine this dataset with 63,598 benign extensions published or updated on the CWS before 2023, and we develop three supervised-ML-based classifiers\u2014leveraging both original features as well as techniques inspired by prior work. We show that, in a \u201clab setting\u201d, our classifiers work well (e.g., 98% accuracy). Then, we collect a new, and more recent, set of 35,462 extensions from the CWS, published or last updated in 2023, with unknown ground truth. We were eventually able to identify 68 malicious extensions that bypassed the vetting process of the CWS. However, our classifiers also reported over 1k likely malicious extensions which may overestimate their true number. Based on this finding (further supported with other experiments and realistic analyses), we elucidate, for the first time, a strong\n                    <jats:italic toggle=\"yes\">concept drift<\/jats:italic>\n                    effect on browser extensions. We also provide factual evidence that commercial detectors (e.g., VirusTotal) work poorly to detect known malicious extensions. Altogether, our results highlight the fact that detecting malicious browser extensions is a fundamentally hard problem which has not (yet) received an adequate degree of attention. This requires additional work both by the research community and by Google itself\u2014potentially by revising their approaches. In the meantime, we informed Google of our discoveries, and we released our artifacts.\n                  <\/jats:p>","DOI":"10.1145\/3770852","type":"journal-article","created":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T09:08:17Z","timestamp":1759396097000},"page":"1-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["It\u2019s Not Easy: Applying Supervised Machine Learning to Detect Malicious Extensions in the Chrome Web Store"],"prefix":"10.1145","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-6556-3230","authenticated-orcid":false,"given":"Ben","family":"Rosenzweig","sequence":"first","affiliation":[{"name":"Saarland University","place":["Saarbruecken, Germany"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3557-3120","authenticated-orcid":false,"given":"Valentino","family":"Dalla Valle","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security","place":["Saarbruecken, Germany"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6890-9611","authenticated-orcid":false,"given":"Giovanni","family":"Apruzzese","sequence":"additional","affiliation":[{"name":"Liechtenstein Business School, University of Liechtenstein","place":["Vaduz, Liechtenstein"]},{"name":"Department of Computer Science, Reykjavik University","place":["Vaduz, Liechtenstein"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6611-4447","authenticated-orcid":false,"given":"Aurore","family":"Fass","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security","place":["Saarbruecken, Germany"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,2,19]]},"reference":[{"key":"e_1_3_4_2_2","volume-title":"Check on Your Review Status","unstructured":"2024. Check on Your Review Status. Retrieved October 24, 2024 from https:\/\/developer.chrome.com\/docs\/webstore\/check-review?hl=en#the_lifecycle_of_a_chrome_web_store_item"},{"key":"e_1_3_4_3_2","unstructured":"2024. Chrome-Stats. Retrieved May 21 2024 from https:\/\/chrome-stats.com"},{"key":"e_1_3_4_4_2","volume-title":"Chrome-Stats Advanced Search","unstructured":"2024. Chrome-Stats Advanced Search. Retrieved April 03, 2024 from https:\/\/chrome-stats.com\/advanced-search"},{"key":"e_1_3_4_5_2","volume-title":"Chrome Web Store","unstructured":"2024. Chrome Web Store. Retrieved November 15, 2023 from https:\/\/chrome.google.com\/webstore"},{"key":"e_1_3_4_6_2","volume-title":"Chrome Web Store Review Process","unstructured":"2024. Chrome Web Store Review Process. Retrieved October 24, 2024 from https:\/\/developer.chrome.com\/docs\/webstore\/review-process"},{"key":"e_1_3_4_7_2","volume-title":"Chrome Web Store Sitemap","unstructured":"2024. Chrome Web Store Sitemap. Retrieved April 03, 2024 from https:\/\/chrome.google.com\/webstore\/sitemap"},{"key":"e_1_3_4_8_2","volume-title":"Content Scripts","unstructured":"2024. Content Scripts. Retrieved October 23, 2024 from https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/content_scripts\/"},{"key":"e_1_3_4_9_2","unstructured":"2024. CRXcavator. Retrieved July 10 2024 from https:\/\/crxcavator.io"},{"key":"e_1_3_4_10_2","volume-title":"Declare Permissions","unstructured":"2021. Declare Permissions. Retrieved October 23, 2024 from https:\/\/developer.chrome.com\/docs\/extensions\/develop\/concepts\/declare-permissions"},{"key":"e_1_3_4_11_2","volume-title":"DoubleX Unpacker","unstructured":"2024. DoubleX Unpacker. Retrieved April 15, 2024 from https:\/\/github.com\/Aurore54F\/DoubleX\/blob\/main\/src\/unpack_extension.py"},{"key":"e_1_3_4_12_2","volume-title":"Edge-Stats","unstructured":"2024. Edge-Stats. Retrieved October 24, 2024 from https:\/\/edge-stats.com\/"},{"key":"e_1_3_4_13_2","volume-title":"Firefox-Stats","unstructured":"2024. Firefox-Stats. Retrieved October 24, 2024 from https:\/\/firefox-stats.com\/"},{"key":"e_1_3_4_14_2","volume-title":"JavaScript Deobfuscator","unstructured":"2024. JavaScript Deobfuscator. Retrieved May 28, 2024 from https:\/\/github.com\/ben-sb\/javascript-deobfuscator"},{"key":"e_1_3_4_15_2","volume-title":"Manifest File Format","unstructured":"2024. Manifest File Format. Retrieved May 21, 2024 from https:\/\/developer.chrome.com\/docs\/extensions\/reference\/manifest"},{"key":"e_1_3_4_16_2","unstructured":"2024. Manifest V3 migration checklist. Retrieved October 24 2024 from https:\/\/developer.chrome.com\/docs\/extensions\/develop\/migrate\/checklist"},{"key":"e_1_3_4_17_2","volume-title":"Migrate to a Service Worker","unstructured":"2024. Migrate to a Service Worker. Retrieved October 24, 2024 from https:\/\/developer.chrome.com\/docs\/extensions\/develop\/migrate\/to-service-workers"},{"key":"e_1_3_4_18_2","volume-title":"Permissions","unstructured":"2024. Permissions. Retrieved October 23, 2024 from https:\/\/developer.chrome.com\/docs\/extensions\/reference\/permissions-list"},{"key":"e_1_3_4_19_2","volume-title":"spaCy","unstructured":"2021. spaCy. Retrieved April 09, 2024 from https:\/\/spacy.io\/"},{"key":"e_1_3_4_20_2","volume-title":"ssdeep 3.4","unstructured":"2017. ssdeep 3.4. Retrieved May 28, 2024 from https:\/\/pypi.org\/project\/ssdeep"},{"key":"e_1_3_4_21_2","unstructured":"2025. Our Repository. Retrieved October 1st 2025 from https:\/\/github.com\/its-not-easy\/tweb25"},{"key":"e_1_3_4_22_2","volume-title":"ACM CCS","author":"Agarwal Shubham","year":"2022","unstructured":"Shubham Agarwal. 2022. Helping or hindering? How browser extensions undermine security. In ACM CCS."},{"key":"e_1_3_4_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670339"},{"key":"e_1_3_4_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00012"},{"key":"e_1_3_4_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00010"},{"key":"e_1_3_4_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3210029"},{"key":"e_1_3_4_27_2","volume-title":"USENIX Security","author":"Arp Daniel","year":"2022","unstructured":"Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2022. Dos and don\u2019ts of machine learning in computer security. In USENIX Security."},{"key":"e_1_3_4_28_2","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-023-00834-0"},{"key":"e_1_3_4_29_2","volume-title":"NDSS Workshop MADWeb","author":"B\u00e1n D\u00e9nes","year":"2019","unstructured":"D\u00e9nes B\u00e1n and Benjamin Livshits. 2019. Extension vetting: Haven\u2019t we solved this problem yet?. In NDSS Workshop MADWeb."},{"key":"e_1_3_4_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833659"},{"key":"e_1_3_4_31_2","article-title":"Staying Safe with Chrome Extensions","author":"Blog Google Security","year":"2024","unstructured":"Google Security Blog. 2024. Staying Safe with Chrome Extensions. Retrieved July 09, 2024 from https:\/\/security.googleblog.com\/2024\/06\/staying-safe-with-chrome-extensions.html","journal-title":"Retrieved July 09, 2024 from"},{"key":"e_1_3_4_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380292"},{"key":"e_1_3_4_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3605098.3636046"},{"key":"e_1_3_4_34_2","volume-title":"Machine Learning","author":"Breiman Leo","year":"2001","unstructured":"Leo Breiman. 2001. Random forests. In Machine Learning."},{"key":"e_1_3_4_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179338"},{"key":"e_1_3_4_36_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23149"},{"key":"e_1_3_4_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/3371924"},{"key":"e_1_3_4_38_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46669-8_21"},{"key":"e_1_3_4_39_2","volume-title":"USENIX Security","author":"Carlini Nicholas","year":"2012","unstructured":"Nicholas Carlini, Adrienne Porter Felt, and David Wagner. 2012. An evaluation of the google chrome extension security architecture. In USENIX Security."},{"key":"e_1_3_4_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243823"},{"key":"e_1_3_4_41_2","volume-title":"Chrome Extensions Manifest V3 Migration Status","unstructured":"Chrome-Stats. 2025. Chrome Extensions Manifest V3 Migration Status. Retrieved September 22, 2025 from https:\/\/chrome-stats.com\/manifest-v3-migration"},{"key":"e_1_3_4_42_2","article-title":"Chrome extension statistics","year":"2025","unstructured":"Chrome-Stats. 2025. Chrome extension statistics. Retrieved September 22, 2025 from https:\/\/chrome-stats.com\/stats","journal-title":"Retrieved September 22, 2025 from"},{"key":"e_1_3_4_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3742895"},{"key":"e_1_3_4_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052654"},{"key":"e_1_3_4_45_2","volume-title":"USENIX Workshop CSET","author":"DeKoven Louis F.","year":"2017","unstructured":"Louis F. DeKoven, Stefan Savage, Geoffrey M. Voelker, and Nektarios Leontiadis. 2017. Malicious browser extensions at scale: Bridging the observability gap between web site and browser. In USENIX Workshop CSET."},{"key":"e_1_3_4_46_2","doi-asserted-by":"publisher","DOI":"10.1145\/212094.212114"},{"key":"e_1_3_4_47_2","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359813"},{"key":"e_1_3_4_48_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_14"},{"key":"e_1_3_4_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484745"},{"key":"e_1_3_4_50_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102550"},{"key":"e_1_3_4_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/2523813"},{"key":"e_1_3_4_52_2","article-title":"Code Readability Requirements","unstructured":"Google. 2024. Code Readability Requirements. Retrieved October 24, 2024 from https:\/\/developer.chrome.com\/docs\/webstore\/program-policies\/code-readability","journal-title":"Retrieved October 24, 2024 from"},{"key":"e_1_3_4_53_2","article-title":"Repeat Abuse","year":"2024","unstructured":"Google. 2024. Repeat Abuse. Retrieved July 09, 2024 from https:\/\/developer.chrome.com\/docs\/webstore\/program-policies\/repeat-abuse","journal-title":"Retrieved July 09, 2024 from"},{"key":"e_1_3_4_54_2","volume-title":"NeurIPS","author":"Grinsztajn L\u00e9o","year":"2022","unstructured":"L\u00e9o Grinsztajn, Edouard Oyallon, and Ga\u00ebl Varoquaux. 2022. Why do tree-based models still outperform deep learning on typical tabular data? In NeurIPS."},{"key":"e_1_3_4_55_2","article-title":"ECMAScript Parsing Infrastructure for Multipurpose Analysis","author":"Hidayat Ariya","unstructured":"Ariya Hidayat. 2015. ECMAScript Parsing Infrastructure for Multipurpose Analysis. Retrieved May 22, 2024 from http:\/\/esprima.org","journal-title":"Retrieved May 22, 2024 from"},{"key":"e_1_3_4_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3637636"},{"key":"e_1_3_4_57_2","volume-title":"USENIX Security","author":"Jagpal Nav","year":"2015","unstructured":"Nav Jagpal, Eric Dingle, Jean-Philippe Gravel, Panayiotis Mavrommatis, Niels Provos, Moheeb Abu Rajab, and Kurt Thomas. 2015. Trends and lessons from three years fighting malicious extensions. In USENIX Security."},{"key":"e_1_3_4_58_2","volume-title":"USENIX Security","author":"Jordaney Roberto","year":"2017","unstructured":"Roberto Jordaney, Kumar Sharad, Santanu K. Dash, Zhi Wang, Davide Papini, Ilia Nouretdinov, and Lorenzo Cavallaro. 2017. Transcend: Detecting concept drift in malware classification models. In USENIX Security."},{"key":"e_1_3_4_59_2","volume-title":"USENIX Security","author":"Kapravelos Alexandros","year":"2014","unstructured":"Alexandros Kapravelos, Chris Grier, Neha Chachra, Christopher Kruegel, Giovanni Vigna, and Vern Paxson. 2014. Hulk: Eliciting malicious behavior in browser extensions. In USENIX Security."},{"key":"e_1_3_4_60_2","volume-title":"NDSS","author":"Karami Soroush","year":"2021","unstructured":"Soroush Karami, Panagiotis Ilia, and Jason Polakis. 2021. Awakening the web\u2019s sleeper agents: Misusing service workers for privacy leakage. In NDSS."},{"key":"e_1_3_4_61_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24383"},{"key":"e_1_3_4_62_2","volume-title":"USENIX Security","author":"Karami Soroush","year":"2022","unstructured":"Soroush Karami, Faezeh Kalantari, Mehrnoosh Zaeifi, Xavier J. Maso, Erik Trickel, Panagiotis Ilia, Yan Shoshitaishvili, Adam Doup\u00e9, and Jason Polakis. 2022. Unleash the simulacrum: Shifting browser realities for robust extension-fingerprinting prevention. In USENIX Security."},{"key":"e_1_3_4_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313665"},{"key":"e_1_3_4_64_2","volume-title":"USENIX Security","author":"Kim Young Min","year":"2023","unstructured":"Young Min Kim and Byoungyoung Lee. 2023. Extending a hand to attackers: Browser privilege escalation attacks via extensions. In USENIX Security."},{"key":"e_1_3_4_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833766"},{"key":"e_1_3_4_66_2","volume-title":"USENIX Security","author":"Laperdrix Pierre","year":"2021","unstructured":"Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, and Nick Nikiforakis. 2021. Fingerprinting in style: Detecting browser extensions via injected style sheets. In USENIX Security."},{"key":"e_1_3_4_67_2","volume-title":"NDSS","author":"Liu Lei","year":"2012","unstructured":"Lei Liu, Xinwen Zhang, Guanhua Yan, and Songqing Chen. 2012. Chrome extensions: Threat analysis and countermeasures. In NDSS."},{"key":"e_1_3_4_68_2","volume-title":"NeurIPS","author":"Louppe Gilles","year":"2013","unstructured":"Gilles Louppe, Louis Wehenkel, Antonio Sutera, and Pierre Geurts. 2013. Understanding variable importances in forests of randomized trees. In NeurIPS."},{"key":"e_1_3_4_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN48987.2021.00065"},{"key":"e_1_3_4_70_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00054"},{"key":"e_1_3_4_71_2","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645683"},{"key":"e_1_3_4_72_2","volume-title":"USENIX Security","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, and Adam Doup\u00e9. 2020. PhishTime: Continuous longitudinal measurement of the effectiveness of anti-phishing blacklists. In USENIX Security."},{"key":"e_1_3_4_73_2","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3656999"},{"key":"e_1_3_4_74_2","volume-title":"ACM CCS","author":"Olszewski Daniel","year":"2023","unstructured":"Daniel Olszewski, Allison Lu, Carson Stillman, Kevin Warren, Cole Kitroser, Alejandro Pascual, Divyajyoti Ukirde, Kevin Butler, and Patrick Traynor. 2023. \u201cGet in researchers; we\u2019re measuring reproducibility\u201d: A reproducibility study of machine learning papers in tier 1 security conferences. In ACM CCS."},{"key":"e_1_3_4_75_2","volume-title":"ACM CCS","author":"Pantelaios Nikolaos","year":"2020","unstructured":"Nikolaos Pantelaios, Nick Nikiforakis, and Alexandros Kapravelos. 2020. You\u2019ve changed: Detecting malicious browser extensions through their update deltas. In ACM CCS."},{"key":"e_1_3_4_76_2","volume-title":"USENIX Security","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. \\(\\lbrace\\) TESSERACT \\(\\rbrace\\) : Eliminating experimental bias in malware classification across space and time. In USENIX Security."},{"key":"e_1_3_4_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2018.3111249"},{"key":"e_1_3_4_78_2","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567988"},{"key":"e_1_3_4_79_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-019-00481-8"},{"key":"e_1_3_4_80_2","article-title":"Evaluation: From precision, recall and f-measure to ROC, informedness, markedness and correlation","author":"Powers David M. W.","year":"2011","unstructured":"David M. W. Powers. 2011. Evaluation: From precision, recall and f-measure to ROC, informedness, markedness and correlation. Journal of Machine Learning Technologies 2 (2011), 37.","journal-title":"Journal of Machine Learning Technologies"},{"key":"e_1_3_4_81_2","volume-title":"USENIX Security","author":"S\u00e1nchez-Rola Iskander","year":"2017","unstructured":"Iskander S\u00e1nchez-Rola, Igor Santos, and Davide Balzarotti. 2017. Extension breakdown: Security analysis of browsers extension resources control policies. In USENIX Security."},{"key":"e_1_3_4_82_2","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029820"},{"key":"e_1_3_4_83_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23309"},{"key":"e_1_3_4_84_2","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420987"},{"key":"e_1_3_4_85_2","volume-title":"USENIX Security","author":"Solomos Konstantinos","year":"2022","unstructured":"Konstantinos Solomos, Panagiotis Ilia, Soroush Karami, Nick Nikiforakis, and Jason Polakis. 2022. The dangers of human touch: Fingerprinting browser extensions through user actions. In USENIX Security."},{"key":"e_1_3_4_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560576"},{"key":"e_1_3_4_87_2","volume-title":"ACSAC","author":"Solomos Konstantinos","year":"2024","unstructured":"Konstantinos Solomos, Nick Nikiforakis, and Jason Polakis. 2024. Harnessing multiplicity: Granular browser extension fingerprinting through user configurations. In ACSAC."},{"key":"e_1_3_4_88_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00058"},{"key":"e_1_3_4_89_2","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313458"},{"key":"e_1_3_4_90_2","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052596"},{"key":"e_1_3_4_91_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.18"},{"key":"e_1_3_4_92_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.17"},{"key":"e_1_3_4_93_2","volume-title":"USENIX Security","author":"Trickel Erik","year":"2019","unstructured":"Erik Trickel, Oleksii Starov, Alexandros Kapravelos, Nick Nikiforakis, and Adam Doup\u00e9. 2019. Everyone is different: Client-side diversification for defending against extension fingerprinting. In USENIX Security."},{"key":"e_1_3_4_94_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833671"},{"key":"e_1_3_4_95_2","article-title":"WRIT: Web request integrity and attestation against malicious browser extensions","author":"Vasiliadis Giorgos","year":"2023","unstructured":"Giorgos Vasiliadis, Apostolos Karampelas, Alexandros Shevtsov, Panagiotis Papadopoulos, Sotiris Ioannidis, and Alexandros Kapravelos. 2023. WRIT: Web request integrity and attestation against malicious browser extensions. IEEE Transactions on Dependable and Secure Computing 21, 4 (2023), 3082\u20133095.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_4_96_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33383-5_12"},{"key":"e_1_3_4_97_2","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7087239"},{"key":"e_1_3_4_98_2","volume-title":"ACSAC","author":"Weissbacher Michael","year":"2017","unstructured":"Michael Weissbacher, Enrico Mariconti, Guillermo Suarez-Tangil, Gianluca Stringhini, William Robertson, and Engin Kirda. 2017. Ex-Ray: Detection of history-leaking browser extensions. In ACSAC."},{"key":"e_1_3_4_99_2","volume-title":"USENIX Security","author":"Xie Qinge","year":"2024","unstructured":"Qinge Xie, Manoj Vignesh K. M., Paul Pearce, and Frank Li. 2024. Arcanum: Detecting and evaluating the privacy risks of browser extensions on web pages and web content. In USENIX Security."},{"key":"e_1_3_4_100_2","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741630"},{"key":"e_1_3_4_101_2","volume-title":"USENIX Security","author":"Yang Limin","year":"2021","unstructured":"Limin Yang, Wenbo Guo, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, and Gang Wang. 2021. \\(\\lbrace\\) CADE \\(\\rbrace\\) : Detecting and explaining concept drift samples for security applications. In USENIX Security."},{"key":"e_1_3_4_102_2","volume-title":"Cancer","author":"Youden W. J.","year":"1950","unstructured":"W. J. Youden. 1950. Index for rating diagnostic tests. In Cancer."},{"key":"e_1_3_4_103_2","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616584"},{"key":"e_1_3_4_104_2","article-title":"Privacy model: Detect privacy leakage for chinese browser extensions","author":"Zhao Yufei","year":"2021","unstructured":"Yufei Zhao, Liqun Yang, Zhoujun Li, Longtao He, and Yipeng Zhang. 2021. Privacy model: Detect privacy leakage for chinese browser extensions. IEEE Access 9 (2021), 44502\u201344513.","journal-title":"IEEE Access"},{"key":"e_1_3_4_105_2","volume-title":"USENIX Security","author":"Zhu Shuofei","year":"2020","unstructured":"Shuofei Zhu, Jianjun Shi, Limin Yang, Boqin Qin, Ziyi Zhang, Linhai Song, and Gang Wang. 2020. Measuring and modeling the label dynamics of online \\(\\lbrace\\) anti-malware \\(\\rbrace\\) engines. In USENIX Security."}],"container-title":["ACM Transactions on the Web"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3770852","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T17:56:23Z","timestamp":1772819783000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3770852"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,19]]},"references-count":104,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2,28]]}},"alternative-id":["10.1145\/3770852"],"URL":"https:\/\/doi.org\/10.1145\/3770852","relation":{},"ISSN":["1559-1131","1559-114X"],"issn-type":[{"value":"1559-1131","type":"print"},{"value":"1559-114X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,19]]},"assertion":[{"value":"2025-03-11","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-06","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-02-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}