Browser exploitation can seem to be a nearly unachievable task these days. ASLR, DEP, segregated processes and sandboxes have proven to be effective in abating exploits by attackers. Our expectation of browser security is so high, that in addition to bug bounty programs, competitions such as Pwn2Own and Pwnium have been formed around the core concept of weeding out dangerous bugs. But even with all the current protections, there is still attack surface not being exploited. We are, of course, talking about Chrome Extensions security bugs. These bugs can lead to extremely powerful attacks, which can effectively allow an attacker to take over your browser. In our workshop, we will demonstrate the power given to an attacker in a presence of a vulnerable extension, and present a tool which will assist in their practical exploitation.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8165 documents and 530.8 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.