Relevant bibliographies by topics / Browser extensions

Contents

  1. Journal articles
  2. Dissertations / Theses
  3. Book chapters
  4. Conference papers

Academic literature on the topic 'Browser extensions'

Author: Grafiati
Published: 4 June 2021
Last updated: 5 February 2022

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Browser extensions.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Journal articles on the topic "Browser extensions"

1

Picazo-Sanchez, Pablo, Juan Tapiador, and Gerardo Schneider. "After you, please: browser extensions order attacks and countermeasures." International Journal of Information Security 19, no. 6 (November 21, 2019): 623–38. http://dx.doi.org/10.1007/s10207-019-00481-8.

Full text
Abstract:
AbstractBrowser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome’s official extension repository has more than 63,000 extensions, with some of them having more than 10M users. When installed, extensions are pushed into an internal queue within the browser. The order in which each extension executes depends on a number of factors, including their relative installation times. In this paper, we demonstrate how this order can be exploited by an unprivileged malicious extension (i.e., one with no more permissions than those already assigned when accessing web content) to get access to any private information that other extensions have previously introduced. We propose a solution that does not require modifying the core browser engine, since it is implemented as another browser extension. We prove that our approach effectively protects the user against usual attackers (i.e., any other installed extension) as well as against strong attackers having access to the effects of all installed extensions (i.e., knowing who did what). We also prove soundness and robustness of our approach under reasonable assumptions.
APA, Harvard, Vancouver, ISO, and other styles
2

Wang, Yao, Wandong Cai, Pin Lyu, and Wei Shao. "A Combined Static and Dynamic Analysis Approach to Detect Malicious Browser Extensions." Security and Communication Networks 2018 (2018): 1–16. http://dx.doi.org/10.1155/2018/7087239.

Full text
Abstract:
Ill-intentioned browser extensions pose an emergent security risk and have become one of the most common attack vectors on the Internet due to their wide popularity and high privilege. Once installed, malicious extensions are executed and attempt to compromise a victim’s browser. To detect malicious browser extensions, security researchers have put forward several techniques. These techniques primarily concentrate on the usage of API calls by malicious extensions, imposing restricted policies for extensions, and monitoring extension’s activities. In this paper, we propose a machine-learning-based approach to detect malicious extensions. We apply static and dynamic techniques to analyse an extension for extracting features. The analysis process extracts features from the source codes including JavaScript codes, HTML pages, and CSS files and the execution activities of an extension. To guarantee the robustness of the features, a feature selection method is then applied to retain the most relevant features while discarding low-correlated features. The detection models based on machine-learning techniques are subsequently constructed by leveraging these features. As can be seen from evaluation results, our detection model, containing over 4,600 labelled extension samples, is able to detect malicious extensions with an accuracy of 96.52% in validation set and 95.18% in test set, with a false positive rate of 2.38% in validation set and 3.66% in test set.
APA, Harvard, Vancouver, ISO, and other styles
3

Ferguson, Christine L. "Leaning into Browser Extensions." Serials Review 45, no. 1-2 (April 3, 2019): 48–53. http://dx.doi.org/10.1080/00987913.2019.1624909.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Kruegel, Christopher. "Making browser extensions secure." Communications of the ACM 54, no. 9 (September 2011): 90. http://dx.doi.org/10.1145/1995376.1995397.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

De Sarkar, Tanmay. "The prevalence of web browser extensions use in library services: an exploratory study." Electronic Library 33, no. 3 (June 1, 2015): 334–54. http://dx.doi.org/10.1108/el-04-2013-0063.

Full text
Abstract:
Purpose – The paper aims to present an outline how libraries are harnessing browser extensions to provide an easy and convenient access to library resources and services. Investigating the features, purposes of use and types of browser extensions prevalent among libraries in different regions, the paper seeks to measure the degree of implementation of browser extensions. Design/methodology/approach – Stratified sampling method was followed to select academic libraries, and convenient sampling method was applied to select public libraries from four continents – Asia, Oceania, Europe and North America. Two-step web content analysis was applied to gather data along the select dimensions. Findings – The study contributes to the recent advances in application of browser extension with numerous examples focussing on the relevance of different approaches adopted by the libraries. Providing a framework of proportionate implementation along checkpoints, the study also highlights degree of acceptance of browser extension among libraries in different regions. Research limitations/implications – The investigation was restricted to libraries having English websites and confined to four continents only. This study aims at improving understanding among the librarians about the intended use and application of browser extension and helping them benchmark their effort in support of education, research and training. The current investigation expands the scope of future research on remaining regions and website whose contents are in non-English language to attain a broader perspective of its implementation. Originality/value – The article may guide library professionals to use, develop and promote the implementation of browser extension in libraries. The checkpoints used here may serve as bedrock for framing questionnaire and interview schedule for conducting future research examining users’ perception of browser extension in the context of library resources and usage pattern, to fully comprehend its practicability and usefulness.
APA, Harvard, Vancouver, ISO, and other styles
6

Perrotta, Raffaello, and Feng Hao. "Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions." IEEE Security & Privacy 16, no. 4 (July 2018): 66–81. http://dx.doi.org/10.1109/msp.2018.3111249.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Ter Louw, Mike, Jin Soon Lim, and V. N. Venkatakrishnan. "Enhancing web browser security against malware extensions." Journal in Computer Virology 4, no. 3 (January 12, 2008): 179–95. http://dx.doi.org/10.1007/s11416-007-0078-5.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Patil, Kailas. "Isolating malicious content scripts of browser extensions." International Journal of Information Privacy, Security and Integrity 3, no. 1 (2017): 18. http://dx.doi.org/10.1504/ijipsi.2017.086794.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Patil, Kailas. "Isolating malicious content scripts of browser extensions." International Journal of Information Privacy, Security and Integrity 3, no. 1 (2017): 18. http://dx.doi.org/10.1504/ijipsi.2017.10007834.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Agarwal, S., and H. Yu. "Figure summarizer browser extensions for PubMed Central." Bioinformatics 27, no. 12 (April 14, 2011): 1723–24. http://dx.doi.org/10.1093/bioinformatics/btr194.

Full text
APA, Harvard, Vancouver, ISO, and other styles
More sources

Dissertations / Theses on the topic "Browser extensions"

1

Nicholson, Brian Robert. "LibX 2.0." Thesis, Virginia Tech, 2011. http://hdl.handle.net/10919/36355.

Full text
Abstract:
As Internet applications continue to gain popularity, users are becoming increasingly comfortable with using the Web as part of their daily lives. Content is becoming digitized on a massive scale, and web browsers are emerging as the platform of choice. Library catalogs, or OPACs, have become widely digitized as part of this trend. Unlike modern search engines, however, many OPACs require antiquated, boolean-based search queries. Consequently, OPAC usage has declined. Libraries have recently begun to introduce modernized services that enable Google-like queries with convenient syntaxes; however, these services are not widely adopted since Google remains more accessible and familiar. LibX 2.0 is a browser extension for Mozilla Firefox and Google Chrome that provides an interface for locating library resources. LibX 2.0 gives users instant access to library searches, links, and proxies. It provides support for the modernized search services that libraries are beginning to offer. Additionally, as a browser extension, LibX 2.0 is more accessible than the OPACs themselves. LibX 2.0 is the next iteration of the popular LibX extension. LibX 2.0 borrows several software engineering concepts for its design, including code reuse and modularity. As a result, we have created and updated many components to be compatible with these software engineering goals. We have designed a new user interface, inspired by Google Chrome, whose design we share between browsers. We have developed a framework for library applications, or LibApps, which enable user-created, extensible code. We have also developed custom caching, internationalization, and user preferences libraries to support our new design.
Master of Science
APA, Harvard, Vancouver, ISO, and other styles
2

Bertmar, Sofia, and Johanna Gerhardsen. "Profile based evaluation of what different browsers and browser extensions may be able to learn about a user." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177163.

Full text
Abstract:
Information leakage online has become a marketplace where companies can profile users to gain revenue from personalized advertising. This thesis offers a deeper analysis into what part the browsers Chrome and Firefox play in this targeted advertising. Privacy focused extensions have become a common way for users to avoid being exposed to third-party trackers, and two such extensions are Ghostery and CatBlock. By adding these to the browsers, this thesis examines how ads are affected during online sessions. Through development of a Selenium web crawler, several online profiles were built with the usage of personas based on specific interest categories. By performing daily sessions of Google search queries, data was collected in the form of ads and HTML text. The data collection lasted for a period of 21 days, using 29 virtual machines and 6 personas. This data was further used to analyze the extent of personalization of ads as profiles were built over time. The results obtained show similarities in how ads are targeted in the browsers, as well as the level of personalization that occurs when using an extension. Results show no major differences in level of targeting between the used browsers, but clearly show that a personalization of advertising has occurred. The usage of extensions proved to be efficient in reducing the amount of ads that a user is exposed to. However, the usage of extensions did not decrease the percentage of targeting amongst ads.
APA, Harvard, Vancouver, ISO, and other styles
3

Joelsson, Tomas. "Mobile Web Browser Extensions : Utilizing local device functionality in mobile web applications." Thesis, KTH, Kommunikationssystem, CoS, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-91862.

Full text
Abstract:
Mobile web browsers of today have many of the same capabilities as their desktop counterparts. However, among the capabilities they lack is a way for web applications to interact with local devices. While today’s mobile phones commonly include GPS receivers and digital cameras, these local devices are currently not accessible from within the browser. The only means of utilizing these devices is by using standalone applications, but such applications lack the versatility of web browsers. If a mobile browser could utilize these local devices, then a mobile application could run within the browser, thus avoiding the need for specialized client software. This thesis suggests an approach for adding such capabilities to mobile browsers. In the proposed method, scripted access to local device functionality is facilitated by a local Java application. This application acts as a proxy server and allows the browser to call methods exposed by the local Java APIs. Both the benefits and some security concerns of this approach are examined. The benefits are further highlighted through two example web applications which utilize local devices.
I dagens mobila webbläsare återfinns det mesta av funktionaliteten från webbläsare för datorer. Det som dock fortfarande saknas är möjligheten för webbapplikationer att komma åt lokala telefonfunktioner. Dagens mobiltelefoner är ofta utrustade med GPS-mottagare och digitalkameror, men dessa kan för närvarande ej nås från webbläsaren. Det enda sättet att utnyttja dessa inbyggda funktioner är genom separata applikationer, men sådana applikationer är inte lika mångsidiga som webbläsare. Om en mobil webbläsare kunde utnyttja de inbyggda funktionerna, så skulle en mobil applikation kunna köras i webbläsaren istället för att ha separat klientprogramvara. Det här examensarbetet föreslår ett sätt att ge denna möjlighet till mobila webbläsare. I den föreslagna metoden används en lokal Java-applikation för att ge tillgång till inbyggda funktioner via skript. Denna applikation fungerar som en proxy-server och låter webbläsaren anropa metoder exponerade av lokala Java-API. Både fördelar och några säkerhetsproblem med den här lösningen undersöks. Fördelarna visas ytterligare genom två exempel på webbapplikationer som utnyttjar inbyggda telefonfunktioner.
APA, Harvard, Vancouver, ISO, and other styles
4

Najbr, Ondřej. "Nástroj pro komentování obsahu webu." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2015. http://www.nusl.cz/ntk/nusl-220543.

Full text
Abstract:
This thesis is divided into three parts. The first part is focused on a description of the formulation of the extension for viewers Internet Explorer, Opera, Safari 5, Mozilla Firefox a Google Chrome, on summary of the facilities of development of the extension for these viewers and on structure of the extension factually for Google Chrome. The second part describes the installation of the extension for Chrome with method of the unpack extension and with method from the Internet shop Chrome. There is also described a detailed formulation of the extension for Chrome with examples of the code source, with possibility of the implementation and the commentary insert into websites. It further describes contribution of the extension and contribution of this thesis. The target of this thesis is to get acquainted with problems of the formulation of the extension of plugins for viewers Chrome or Firefox and to formulate an application, which it will be able to add the commentary to contents of the website.
APA, Harvard, Vancouver, ISO, and other styles
5

Jarosch, Dennis. "Effects and opportunities of native code extensions for computationally demanding web applications." Doctoral thesis, Humboldt-Universität zu Berlin, Philosophische Fakultät I, 2012. http://dx.doi.org/10.18452/16451.

Full text
Abstract:
Das World Wide Web befindet sich im Wandel von interaktiven Webseiten hin zu Web- Applikationen. Eine steigende Zahl von Anwendern führt täglich Aufgaben ausschließlich mit Hilfe des Web-Browsers durch. Dadurch wird das Web zu einer bedeutenden Plattform für Anwendungsentwicklung. Dieser Plattform fehlt jedoch heute noch die Rechenleistung nativer Applikationen. Microsoft Xax und Google Native Client (NaCl) sind zwei neue, unabhängige Technologien zur Entwicklung nativer Web-Applikationen. Sie ermöglichen die Erweiterung herkömmlicher Web-Applikationen durch kompilierten nativen und dennoch betriebssystemunabhängigen Programmcode. Die vorliegende Dissertation untersucht die Vor- und Nachteile nativer Web-Applikationen und analysiert zudem das tatsächliche Leistungsvermögen im Vergleich zu konventionellen JavaScript Web-Applikationen. Dazu wird eine experimentelle Leistungsanalyse von nativen Applikationen in C, JavaScript Web-Applikationen und NaCl nativen Web-Applikationen anhand vier unterschiedlicher Vergleichstests durchgeführt. Dabei werden die folgenden Leistungsaspekte betrachtet: mathematische Operationen (seriell und parallel), 3D-Grafikoperationen und Datenverarbeitung. Die Ergebnisse der Leistungsanalyse zeigen, dass NaCl Stärken in mathematischen und 3D-Grafikoperationen zu Grunde liegen, jedoch erhebliche Schwächen bei der Datenverarbeitung aufweist. Entsprechende Lösungsansätze zur Optimierung der Anwendung werden erarbeitet und erörtert. Eine Bewertung anhand technischer und nicht-technischer Kriterien komplementiert die Ergebnisse der Leistungsanalyse. Darüber hinaus werden die technischen, politischen und strategischen Treiber für NaCls Marktdurchdringung diskutiert.
The World Wide Web is amidst a transition from interactive websites to web applications. An increasing number of users perform their daily computing tasks entirely within the web browser, turning the Web into an important platform for application development. The Web as a platform, however, lacks the computational performance of native applications. This problem has motivated the inception of Microsoft Xax and Google Native Client (NaCl), two independent projects that facilitate the development of native web applications. These allow the extension of conventional web applications with compiled native code, while maintaining operating system portability. This dissertation determines the benefits and drawbacks of native web applications. It also examines the actual performance capabilities of JavaScript web applications. An experimental performance analysis is undertaken in order to determine and compare the performance characteristics of native C applications, JavaScript web applications, and NaCl native web applications. Four application benchmarks consider different performance aspects: number crunching (serial and parallel), 3D graphics performance, and data processing. The results confirm that NaCl''s performance in computational tasks and 3D graphics is impeccable. On the other hand, it shows substantial limitations in data processing. These are evaluated and possible solutions are discussed. The results of the performance analysis are complemented with an evaluation on the basis of technical and non-technical criteria and a discussion of the technical, political, and strategic drivers for NaCl.
APA, Harvard, Vancouver, ISO, and other styles
6

Lindahl, Daniel. "Ledsagande av seniorer i samband med webben : Identifiering av tillvägagångssätt att bistå seniorer i utförandet av uppgifter på webben." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-85937.

Full text
Abstract:
Webben kan användas i många syften och kan skapa ett mervärde både i arbetslivet och det privata livet för människor. Idag förekommer användande av datorer, webben och IT generellt i ett flertal branscher. IT har också blivit en del av det svenska utbildningssystemet där det händer att skolan förser eleverna med en dator och tillhörande program att utföra studier med. De flesta av svenskarna får idag någon form av datorvana genom antingen jobb eller studier, något som vissa seniorer har gått miste om. Personer över 75 år är med marginal den åldersgrupp (räknat från tolv år och äldre) som i Sverige använder internet mest sällan. När frågan ställs om varför är svaret ”det är för krångligt” vanligt förekommande. Denna studie syftar att ta reda på hur användande av webben kan underlättas för seniorer (definierat till personer 75 år och äldre i denna studie). Till en början gick studien ut på att ta reda på vad seniorer kan få ut av att använda internet och webben. Det gjordes genom en litteratursökning och genom ett antal intervjuer. Det framkom att seniorer som faktiskt använder webben på ett eller annat sätt nyttjar exempelvis internetbank, mail och nyheter genom såväl dator som smartphone och surfplatta. Dessa tre områden (mail, internetbank och nyheter) användes i studien som centra för testen som skulle undersöka hur seniorers interaktion med webben kan underlättas. Ett webbläsartillägg utformades anpassat till ovan tre beskrivna områden. Kort beskrivet är ett webbläsartillägg ett lokalt program/tillägg som går att installera i sin webbläsare för att personligen ha tillgång till extern funktionalitet, exempelvis att blockera reklam. Webbläsartillägget som skapades i denna studie gav användarens webbläsare grafiska element som var tänkta att hjälpa användaren att lösa ett antal fördefinierade uppgifter. Tre olika koncept testades under studien. Med koncept syftas här hur den grafiska hjälpen utformas. Användartester utfördes med och utan webbläsartillägg som hjälp för att kunna se om det var någon skillnad på resultaten. När tester utfördes med webbläsartillägget roterades koncepten beskrivna ovan så att alla tre koncept testades under likvärdiga förutsättningar. Testpersonerna som utförde tester med webbläsartillägget fick även möjlighet att ge anonym respons på koncepten genom att fylla i enkäter. Enligt resultaten av denna studie lyckas seniorer bättre (större andel lyckade försök) och snabbare att utföra vardagliga uppgifter när det fanns tillgång till en lista med hur uppgiften ska utföras eller genom att viktiga rubriker och knappar för uppgiften är markerade.
The web can be used in multiple purposes and can create a value both at work and in the personal life of people. Today computers, internet and IT in general are commonly used in multiple professions. IT has also become a part of the Swedish educational system where it happens that the schools provides the students with a computer with including programs to conduct their studies. Most swedes today gets some kind of computer habit from either work or education, something that certain seniors have missed out on. People above the age of 75 is by margin the age-group (taking in to account twelve years and older) that most seldom uses internet in Sweden. When asked why a common answer is “it is too hard”. This study aims to find out in what ways the use of the web can be made easier for seniors (in this study defined as 75 years of age and older). For starters the study focused on finding out what seniors can get out of using internet and the web. That was done by literature searching and a number of interviews. It showed that seniors who actually uses the web one way or the other uses for example internet banking, mail and news by computer, smartphone and/or tablet. These three areas (internet banking, mail and news) was used as a Centre in the user tests who was conducted in order to find out how seniors can be assisted in their interaction with the web. A browser extension was formed suited to the three areas mentioned above. Browser extensions is a sort of a local program/extension to install in your browser to personally have access to external functionality, such as blocking advertisement. The browser extension formed in this study gave the users browser graphic elements with the purpose to help the user solve a number of predetermined tasks. Three concepts was tested in the study. In the context of this study a concept is the way that the graphic assist is formed. User tests was conducted with and without the browser extension as an assist in order to see if there was a difference in the results. When tests was conducted with the browser extension the concepts was rotated so that all three concepts was tested on equal basis. The test persons who conducted the tests with the browser extension also got the opportunity to give anonymous feedback on the concepts through an inquiry that was filled out after conducted test. The result of the user tests and the inquiry indicates that seniors would appreciate a step by step guide for tasks on the web. According to the results of this study seniors conducts everyday tasks both quicker and with more success when there is a step by step list or highlighted headlines and buttons describing said task.
APA, Harvard, Vancouver, ISO, and other styles
7

Marek, Lukáš. "Analýza a vylepšování aplikací pro prohlížeče na základě trendů užívání." Master's thesis, Vysoká škola ekonomická v Praze, 2013. http://www.nusl.cz/ntk/nusl-198294.

Full text
Abstract:
This master thesis deals with the topic of browser extensions, their environment and analysis. The goal is to describe the extensions environment, online Webstores, that offers extensions and to show best practices for analysis and optimization of its extensions and their assets. Within the thesis you can find very precise analysis of online Webstores for Google Chrome extensions and Mozilla Firefox add-ons. Conclusions are made based on this analysis that include special characteristics of the previously mentioned browsers. The master thesis consists of two parts, theoretical and practical. The theoretical parts deals with the description of the browser extensions environment and it presents specific characteristics about online Webstores and browser extensions to the reader. In the practical part the thesis is focused on objectives set by the thesis and it presents the results of the Webstore analysis and description of the universal Google Analytics solution that helps developers to analyze their extensions The thesis contributes to the topic mainly with the precise description of the browser Webstores and extensions environment, best practices and recommendations and by creating the universal Google Analytics solutions for the developers.
APA, Harvard, Vancouver, ISO, and other styles
8

Somé, Dolière Francis. "Sécurité et vie privée dans les applications web." Thesis, Université Côte d'Azur (ComUE), 2018. http://www.theses.fr/2018AZUR4085/document.

Full text
Abstract:
Dans cette thèse, nous nous sommes intéressés aux problématiques de sécurité et de confidentialité liées à l'utilisation d'applications web et à l'installation d'extensions de navigateurs. Parmi les attaques dont sont victimes les applications web, il y a celles très connues de type XSS (ou Cross-Site Scripting). Les extensions sont des logiciels tiers que les utilisateurs peuvent installer afin de booster les fonctionnalités des navigateurs et améliorer leur expérience utilisateur. Content Security Policy (CSP) est une politique de sécurité qui a été proposée pour contrer les attaques de type XSS. La Same Origin Policy (SOP) est une politique de sécurité fondamentale des navigateurs, régissant les interactions entre applications web. Par exemple, elle ne permet pas qu'une application accède aux données d'une autre application. Cependant, le mécanisme de Cross-Origin Resource Sharing (CORS) peut être implémenté par des applications désirant échanger des données entre elles. Tout d'abord, nous avons étudié l'intégration de CSP avec la Same Origin Policy (SOP) et démontré que SOP peut rendre CSP inefficace, surtout quand une application web ne protège pas toutes ses pages avec CSP, et qu'une page avec CSP imbrique ou est imbriquée dans une autre page sans ou avec un CSP différent et inefficace. Nous avons aussi élucidé la sémantique de CSP, en particulier les différences entre ses 3 versions, et leurs implémentations dans les navigateurs. Nous avons ainsi introduit le concept de CSP sans dépendances qui assure à une application la même protection contre les attaques, quelque soit le navigateur dans lequel elle s'exécute. Finalement, nous avons proposé et démontré comment étendre CSP dans son état actuel, afin de pallier à nombre de ses limitations qui ont été révélées dans d'autres études. Les contenus tiers dans les applications web permettent aux propriétaires de ces contenus de pister les utilisateurs quand ils naviguent sur le web. Pour éviter cela, nous avons introduit une nouvelle architecture web qui une fois déployée, supprime le pistage des utilisateurs. Dans un dernier temps, nous nous sommes intéressés aux extensions de navigateurs. Nous avons d'abord démontré que les extensions qu'un utilisateur installe et/ou les applications web auxquelles il se connecte, peuvent le distinguer d'autres utilisateurs. Nous avons aussi étudié les interactions entre extensions et applications web. Ainsi avons-nous trouvé plusieurs extensions dont les privilèges peuvent être exploités par des sites web afin d'accéder à des données sensibles de l'utilisateur. Par exemple, certaines extensions permettent à des applications web d'accéder aux contenus d'autres applications, bien que cela soit normalement interdit par la Same Origin Policy. Finalement, nous avons aussi trouvé qu'un grand nombre d'extensions a la possibilité de désactiver la Same Origin Policy dans le navigateur, en manipulant les entêtes CORS. Cela permet à un attaquant d'accéder aux données de l'utilisateur dans n'importe qu'elle autre application, comme par exemple ses mails, son profile sur les réseaux sociaux, et bien plus. Pour lutter contre ces problèmes, nous préconisons aux navigateurs un système de permissions plus fin et une analyse d'extensions plus poussée, afin d'alerter les utilisateurs des dangers réels liés aux extensions
In this thesis, we studied security and privacy threats in web applications and browser extensions. There are many attacks targeting the web of which XSS (Cross-Site Scripting) is one of the most notorious. Third party tracking is the ability of an attacker to benefit from its presence in many web applications in order to track the user has she browses the web, and build her browsing profile. Extensions are third party software that users install to extend their browser functionality and improve their browsing experience. Malicious or poorly programmed extensions can be exploited by attackers in web applications, in order to benefit from extensions privileged capabilities and access sensitive user information. Content Security Policy (CSP) is a security mechanism for mitigating the impact of content injection attacks in general and in particular XSS. The Same Origin Policy (SOP) is a security mechanism implemented by browsers to isolate web applications of different origins from one another. In a first work on CSP, we analyzed the interplay of CSP with SOP and demonstrated that the latter allows the former to be bypassed. Then we scrutinized the three CSP versions and found that a CSP is differently interpreted depending on the browser, the version of CSP it implements, and how compliant the implementation is with respect to the specification. To help developers deploy effective policies that encompass all these differences in CSP versions and browsers implementations, we proposed the deployment of dependency-free policies that effectively protect against attacks in all browsers. Finally, previous studies have identified many limitations of CSP. We reviewed the different solutions proposed in the wild, and showed that they do not fully mitigate the identified shortcomings of CSP. Therefore, we proposed to extend the CSP specification, and showed the feasibility of our proposals with an example of implementation. Regarding third party tracking, we introduced and implemented a tracking preserving architecture, that can be deployed by web developers willing to include third party content in their applications while preventing tracking. Intuitively, third party requests are automatically routed to a trusted middle party server which removes tracking information from the requests. Finally considering browser extensions, we first showed that the extensions that users install and the websites they are logged into, can serve to uniquely identify and track them. We then studied the communications between browser extensions and web applications and demonstrate that malicious or poorly programmed extensions can be exploited by web applications to benefit from extensions privileged capabilities. Also, we demonstrated that extensions can disable the Same Origin Policy by tampering with CORS headers. All this enables web applications to read sensitive user information. To mitigate these threats, we proposed countermeasures and a more fine-grained permissions system and review process for browser extensions. We believe that this can help browser vendors identify malicious extensions and warn users about the threats posed by extensions they install
APA, Harvard, Vancouver, ISO, and other styles
9

Ferranti, Mirko. "Polymorph per realizzare estensioni di browser multi-piattaforma." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2021. http://amslaurea.unibo.it/23403/.

Full text
Abstract:
Le estensioni per i browser vantano modelli di progettazione differenti, spesso totalmente incompatibili tra loro. Polymorph, l'applicazione presentata dalla tesi, ha lo scopo di agevolare il programmatore durante la progettazione di estensioni per browser adattandole ai differenti modelli di progettazione. La tesi si focalizza in particolare sui modelli di progettazione delle estensioni offerti da Google Chrome e da Safari. L'applicazione è in grado di riconoscere i frammenti di codice più importanti di queste estensioni, aiutando il programmatore sulle problematiche principali come la memorizzazione dei dati o lo scambio dei messaggi tra lo script interno e lo script esterno di queste applicazioni, operazioni mediate da Chrome e Safari con politiche e tecniche differenti.
APA, Harvard, Vancouver, ISO, and other styles
10

Vondráček, Tomáš. "Získávání informací o uživatelích na webových stránkách." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2021. http://www.nusl.cz/ntk/nusl-445554.

Full text
Abstract:
The aim of the diploma thesis is to map the information provided by web browsers, which can be used in practice to identify users on websites. The work focuses on obtaining and subsequent analysis of information about devices, browsers and side effects caused by web extensions that mask the identity of users. The acquisition of information is realized by a designed and implemented library in the TypeScript language, which was deployed on 4 commercial websites. The analysis of the obtained information is carried out after a month of operation of the library and focuses on the degree of information obtained, the speed of obtaining information and the stability of information. The dataset shows that up to 94 % of potentially different users have a unique combination of information. The main contribution of this work lies in the created library, design of new methods of obtaining information, optimization of existing methods and the determination of quality and poor quality information based on their level of information, speed of acquisition and stability over time.
APA, Harvard, Vancouver, ISO, and other styles
More sources

Book chapters on the topic "Browser extensions"

1

Wootton, Cliff. "Client Browser Extensions." In The Web Professional’s Handbook, 180–99. Berkeley, CA: Apress, 2003. http://dx.doi.org/10.1007/978-1-4302-5362-4_5.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Karim, Rezwana, Mohan Dhawan, and Vinod Ganapathy. "Retargetting Legacy Browser Extensions to Modern Extension Frameworks." In ECOOP 2014 – Object-Oriented Programming, 463–88. Berlin, Heidelberg: Springer Berlin Heidelberg, 2014. http://dx.doi.org/10.1007/978-3-662-44202-9_19.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Rauti, Sampsa. "Man-in-the-browser Attack: A Case Study on Malicious Browser Extensions." In Communications in Computer and Information Science, 60–71. Singapore: Springer Singapore, 2020. http://dx.doi.org/10.1007/978-981-15-4825-3_5.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Crowley, Matthew. "Building In-Process Extensions with Browser Helper Objects." In Pro Internet Explorer 8 & 9 Development, 333–42. Berkeley, CA: Apress, 2010. http://dx.doi.org/10.1007/978-1-4302-2854-7_13.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Wang, Lei, Ji Xiang, Jiwu Jing, and Lingchen Zhang. "Towards Fine-Grained Access Control on Browser Extensions." In Information Security Practice and Experience, 158–69. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-29101-2_11.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Potgieter, Marius, Craig Marais, and Mariana Gerber. "Fostering Content Relevant Information Security Awareness through Browser Extensions." In Information Assurance and Security Education and Training, 58–67. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-39377-8_7.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Chang, Wentao, and Songqing Chen. "Defeat Information Leakage from Browser Extensions via Data Obfuscation." In Information and Communications Security, 33–48. Cham: Springer International Publishing, 2013. http://dx.doi.org/10.1007/978-3-319-02726-5_3.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Hausknecht, Daniel, Jonas Magazinius, and Andrei Sabelfeld. "May I? - Content Security Policy Endorsement for Browser Extensions." In Detection of Intrusions and Malware, and Vulnerability Assessment, 261–81. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-20550-2_14.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Lerner, Benjamin S., Liam Elberty, Neal Poole, and Shriram Krishnamurthi. "Verifying Web Browser Extensions’ Compliance with Private-Browsing Mode." In Lecture Notes in Computer Science, 57–74. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-40203-6_4.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Akshay Dev, P. K., and K. P. Jevitha. "STRIDE Based Analysis of the Chrome Browser Extensions API." In Advances in Intelligent Systems and Computing, 169–78. Singapore: Springer Singapore, 2017. http://dx.doi.org/10.1007/978-981-10-3156-4_17.

Full text
APA, Harvard, Vancouver, ISO, and other styles

Conference papers on the topic "Browser extensions"

1

Liu, Lei, Xinwen Zhang, and Songqing Chen. "Botnet with Browser Extensions." In 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust (PASSAT) / 2011 IEEE Third Int'l Conference on Social Computing (SocialCom). IEEE, 2011. http://dx.doi.org/10.1109/passat/socialcom.2011.25.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Guha, Arjun, Matthew Fredrikson, Benjamin Livshits, and Nikhil Swamy. "Verified Security for Browser Extensions." In 2011 IEEE Symposium on Security and Privacy (SP). IEEE, 2011. http://dx.doi.org/10.1109/sp.2011.36.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Varshney, Gaurav, Manoj Misra, and Pradeep K. Atrey. "Detecting Spying and Fraud Browser Extensions." In CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2017. http://dx.doi.org/10.1145/3137616.3137619.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Singh, Kundan, John Yoakum, and Alan Johnston. "Enterprise WebRTC Powered by Browser Extensions." In IPTComm '15: Principles, Systems and Applications of IP Telecommunications. New York, NY, USA: ACM, 2015. http://dx.doi.org/10.1145/2843491.2843753.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Obimbo, Charlie, Yong Zhou, and Randy Nguyen. "Analysis of Vulnerabilities of Web Browser Extensions." In 2018 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, 2018. http://dx.doi.org/10.1109/csci46756.2018.00029.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Some, Doliere Francis. "EmPoWeb: Empowering Web Applications with Browser Extensions." In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019. http://dx.doi.org/10.1109/sp.2019.00058.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Starov, Oleksii, and Nick Nikiforakis. "XHOUND: Quantifying the Fingerprintability of Browser Extensions." In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017. http://dx.doi.org/10.1109/sp.2017.18.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Xing, Xinyu, Wei Meng, Byoungyoung Lee, Udi Weinsberg, Anmol Sheth, Roberto Perdisci, and Wenke Lee. "Understanding Malvertising Through Ad-Injecting Browser Extensions." In WWW '15: 24th International World Wide Web Conference. Republic and Canton of Geneva, Switzerland: International World Wide Web Conferences Steering Committee, 2015. http://dx.doi.org/10.1145/2736277.2741630.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Sjösten, Alexander, Steven Van Acker, and Andrei Sabelfeld. "Discovering Browser Extensions via Web Accessible Resources." In CODASPY '17: Seventh ACM Conference on Data and Application Security and Privacy. New York, NY, USA: ACM, 2017. http://dx.doi.org/10.1145/3029806.3029820.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Dhawan, Mohan, and Vinod Ganapathy. "Analyzing Information Flow in JavaScript-Based Browser Extensions." In 2009 Annual Computer Security Applications Conference (ACSAC). IEEE, 2009. http://dx.doi.org/10.1109/acsac.2009.43.

Full text
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the extended bibliographies on the topic 'Browser extensions' for particular source types:
Journal articles Dissertations / Theses
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography