Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil

Type
Paper
Tags
browser
Authors
Kyle Osborn
Event
Black Hat USA 2012
Indexed on
Jun 05, 2014
URL
https://media.blackhat.com/bh-us-12/Briefings/Osborn/BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_WP.pdf
File name
BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_WP.pdf
File size
347.6 KB
MD5
ebdd69a062b895155d81cbeb775e9043
SHA1
7c1ebe804497d0fa2a409396d360ec2052d0427d

Browser exploitation can seem to be a nearly unachievable task these days. ASLR, DEP, segregated processes and sandboxes have proven to be effective in abating exploits by attackers. Our expectation of browser security is so high, that in addition to bug bounty programs, competitions such as Pwn2Own and Pwnium have been formed around the core concept of weeding out dangerous bugs. But even with all the current protections, there is still attack surface not being exploited. We are, of course, talking about Chrome Extensions security bugs. These bugs can lead to extremely powerful attacks, which can effectively allow an attacker to take over your browser. In our workshop, we will demonstrate the power given to an attacker in a presence of a vulnerable extension, and present a tool which will assist in their practical exploitation.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.

Statistics

Serving 8165 documents and 530.8 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !