Securing Browser Extensions
Adrienne P. Felt
Browser extensions are remarkably popular, with one in three Firefox users running at least one extension. In the Firefox extension system, extensions run with the user's full privileges; they can read and write arbitrary files and launch new processes. We consider two threat models: (1) a malicious extension developer, and (2) a benign but non-expert developer who writes buggy extensions. In both cases, it is desirable to limit extensions' privileges as far as possible without crippling the extensions. We analyzed 25 popular Firefox extensions and found that 88% of these extensions need less than the full set of available privileges, which motivates reducing extension privileges. We then examined the Firefox extension system to see whether it could be retrofitted to limit extensions. We also created a new extension platform, which was adopted as the Google Chrome extension system.