Chapter 9: Cyberattacks via Google Chrome Browser Extensions

There has been an immense utilization of browser extensions these days for providing additional functionality to users over the basic browser functionality. For providing the openness to the developers in bringing additional functionality, browsers frequently give access to most of the security sensitive APIs with an unlimited access control. In the recent times, it has been identified that such access is allowing attackers to carry out cyberfrauds, cyberspying over targeted users using malicious browser extensions. This chapter presents vulnerabilities that are exploited by malicious extensions and identifies possible attacks that can be launched via attackers. It provides browser developers an insight into the current security vulnerabilities to patch them with improved designs in near future to avoid malicious extension-based attacks. Google Chrome browser has been utilized as a case study in this chapter.