Tom Thomas-Litman Undergraduate Dissertation 2017/18

Security Framework for Chrome Extension Analysis

Supervised by A.Brucker

Abstract

Browser extensions increase the functionality of the web browser. However, they also allow 3rd parties to modify traffic, view and modify all the data displayed for the user, and access local file systems. Thus, they can pose a high security risk to the public, of which the dangers are not well known.

A framework was created that scans a set of extensions from the Chrome Store for their various permission and method usage, and for other information such as the total number of javascript files, and url/https calls. Aggregate analysis is returned for the set of extensions.

Half of the urls use the http protocol, and many extensions request permissions that they don't use. We discuss if some permissions could be removed as they are rarely used. Further work details potential developments for the framework to improve its analysis on specific method and url usage, and to determine commonly requested urls and whether they are malicious.