DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication

Pablo Picazo-Sanchez, Maximilian Algehed, Andrei Sabelfeld

2022

Abstract

Browser extensions are popular web applications that users install in modern browsers to enrich the user experience on the web. It is common for browser extensions to include static resources in the form of HTML, CSS, fonts, images, and JavaScript libraries. Unfortunately, the state of the art is that each extension ships its own version of a given resource. This paper presents DeDup.js, a framework that incorporates similarity analysis for achieving two goals: detecting potentially malicious extensions during the approval process, and given an extension as input, DeDup.js discovers similar extensions. We downloaded three snapshots of the Google Chrome Web Store during one year totaling more than 422k browser extensions and conclude that over 50% of the static resources are shared among the extensions. By implementing an instance of DeDup.js, we detect more than 7k extensions that should not have been published and were later deleted. Also, we discover more than 1k malicious extensions still online that send user’s queries to external servers without the user’s knowledge. Finally, we show the potential of DeDup.js by analyzing a set extensions part of CacheFlow, a recently discovered attack. We detect 53 malicious extensions of which 36 Google has already taken down and the rest are investigated.

Download


Paper Citation


in Harvard Style

Picazo-Sanchez P., Algehed M. and Sabelfeld A. (2022). DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 528-535. DOI: 10.5220/0010900600003120


in Bibtex Style

@conference{icissp22,
author={Pablo Picazo-Sanchez and Maximilian Algehed and Andrei Sabelfeld},
title={DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={528-535},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010900600003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication
SN - 978-989-758-553-1
AU - Picazo-Sanchez P.
AU - Algehed M.
AU - Sabelfeld A.
PY - 2022
SP - 528
EP - 535
DO - 10.5220/0010900600003120