AliBawazeEer
13 min readFeb 20, 2021

--

dissection

TL;DR

Browsers play a huge role in many businesses, but they’re also a main entry point for cyber-attacks. And As the World Wide Web matures into a ubiquitous computing platform, people are growing comfortable with sharing their personal information with web applications they trust. However, this casual sharing of information is accompanied by serious privacy and security implications.
We will walk through a use case and technical details of how in recent times browsers have been abused for malicious tasks such as private information gathering, browsing history retrieval, or password theft — leading to a number of devastating attacks. Nevertheless , the research shall find out how you can protect your enterprise from browser-based attacks and some advise of safe browsing .

A Trojan horse made of electronic hardware components
A Trojan horse made of electronic hardware components

just because the big news for two months is about supply chain attacks !! I was like it’s a good starting point to link in a browser security and hidden spy !! hell yeah :D

https://bugs.chromium.org/p/project-zero/issues/detail?id=1930

Browser-based threats ;

Malicious Browser Extension :

The dangers of malicious browser extensions

What permissions does it require?

In 2019 researchers found extension in Chrome Web Store that steals credit card data of users, this extension was designed as fake Flash Player .

In 2019 YouTube Queue extension was compromised with malicious code after it was sold to new developer .

As we can see, malicious browser extensions can be found not only on GitHub-like websites, but in official marketplaces like Chrome Web Store too. After installation of extension from store, it will be auto-updated with every new version, in the same time one of updates can include malicious code. So to say this will bypass defending techniques

Toolkit for Analyzing Browser Plugins

The progression of Malicious Code Delivery

Trends and Lessons for Fighting Malicious Extensions

References

--

--