

In his research study, Doliere Francis Somé of INRIA, France uncovered vulnerabilities in extension APIs for browsers. It appears that noxious websites have been tweaking these extension APIs to steal browser data such as cookies and bookmarks. In addition, Somé demonstrated that APIs were also used to download malicious files and store them in the users’ external storage so that they can be used to track their activity on their devices as well.

The French researcher’s paper has detailed how web applications take unfair advantage through APIs. “Our results demonstrate that the communications between browser extensions and web applications pose serious security and privacy threats to browsers, web applications and more importantly to users,” indicates the study. The threat model in the paper highlights six security and privacy threats such as code execution, same origin policy (SOP) bypass, reading cookies, initiating downloads, reading other browser data, and data storing.

Tools to detect suspicious activity in APIs

Somé has developed a tool to check if APIs can be exploited by malicious websites. All the user needs to do is enter the manifest file of the extension and the tool displays vulnerable APIs. In his study, this static analysis tool analyzed around 78,000 extensions for Chrome, Firefox, and Opera browsers. Among them, 197 extensions were flagged as serious threats and said to be the most vulnerable to attackers.

Thankfully, Somé has informed the browser developers of the threats. Firefox was quick to resolve this by removing the extensions. Chrome and Opera are reportedly yet to fix all the extensions.

Yesterday, Opera announced that they have begun development of a version of their web browser for Windows, Macs and Linux machines that will have an integrated Virtual Private Network (VPN) built in as part of the browser without the need for any additional add-ins or paid subscriptions. According to Opera this is all about privacy and meeting their customers' expectations:

"Bringing this important privacy improvement marks another step in building a browser that matches up to people’s expectations in 2016."
