International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 11 Issue: 04 | Apr 2024
p-ISSN: 2395-0072
www.irjet.net
Extension Auditing: Privacy-Preserving Extension
Chetan Pathade1, Paras Saxena2, Aditya Sudhansu3
1,2,3Information Networking Institute, College of Engineering, Carnegie Mellon University, Pittsburgh, PA, USA
Abstract - In the current stage of the internet, browser extensions are everywhere, offering better functionality and user experience. However, this convenience often comes at the cost of the user's security and privacy. In this research, we examine browser extensions and audit their privacy criteria. It turns out that many of these handy tools are not just adding functionality; they are also introducing significant security risks. Through a methodical and detailed approach that includes policy review, source code analysis, and comprehensive documentation, we try to uncover the hidden threats posed by these extensions and examine the claims these extensions make. Our methodology comprises installing extensions in isolated environments, utilizing tools like ExtAnalysis[1], Chrome DevTools[2], SonarQube[12], and Bearer[10] for in-depth analysis, and testing and auditing the privacy policy offered by each extension. This research seeks to answer critical questions not only about privacy violations but also about the potential for privilege escalation. With the ultimate goal of enhancing digital safety, this paper highlights the imperative for improved security oversight in the development and deployment of browser extensions.

Key Words: Extension, Privacy, Auditing, SonarQube[12], CRXcavator[16], Bearer[9], Extension Analysis, Policy.

1. INTRODUCTION
The growing number of browser extensions has unquestionably enhanced the online experience by providing users with a wide range of easily accessible features. Nevertheless, this expansion brings unique difficulties, mainly related to the safety and confidentiality of users. As the number of data breaches and privacy violations increases, the security of browser extensions has become a key topic in discussions about digital safety. This research starts by critically evaluating the security posture of these extensions, with the goal of uncovering hidden weaknesses. We investigate browser extensions for potential threats by combining penetration testing, examining source code, and utilizing tools such as ExtAnalysis[1], Chrome DevTools, SonarQube[12], Bearer[9] and CRXcavator[14]. This study is driven by two main goals: emphasizing the urgent demand for improved security measures in the development and deployment of browser extensions, and presenting a structured framework for evaluating these extensions. Our main objective is to promote a more secure digital environment where the benefits of browser extensions can be utilized without sacrificing user privacy and security.

2. Background
In the digital world, we observe exponential growth in browser extensions. They are transforming the way users browse the web by adding and customizing features and offering a personalized experience. From utility extensions such as ad blockers that keep ads away to productivity extensions that autofill online forms, these add-ons have become a key part of the browser's user experience. They adapt to what different individuals require. However, with all these extensions growing so fast, there is a downside too. We are facing many security issues and weak spots that can disrupt our data privacy, cybersecurity, and even the economy. Although their utility is great, there is a dark side as well: to work properly, browser extensions require elevated privileges, access to sensitive user data (PII), and close interaction with web pages (scripts). This inherent access and integration with web content make extensions susceptible to exploitation by malicious actors seeking to compromise user privacy, conduct cyber attacks, and engage in illicit activities. As a result, the security posture of browser extensions has emerged as a critical concern, making comprehensive assessments, enhanced security measures, and robust oversight mechanisms necessary.
© 2024, IRJET | Impact Factor value: 8.226
3. Methodology
A. Scope:
We picked privacy-preserving extensions for our study because keeping data safe online is getting more important due to more frequent privacy issues. We chose extensions that are popular and downloaded a lot because they are important to lots of people. This helps us look into how well these tools are doing their job in protecting users' privacy. Our selection of scope is as follows: from the broad spectrum of browser extension categories, our methodology was to strategically select privacy-preserving extensions for in-depth
| ISO 9001:2008 Certified Journal | Page 2435