Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil
- Type
- Slides
- Tags
- browser
- Authors
- Kyle Osborn
- Event
- Black Hat USA 2012
- Indexed on
- Jun 05, 2014
- URL
- https://media.blackhat.com/bh-us-12/Briefings/Osborn/BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_Slides.pdf
- File name
- BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_Slides.pdf
- File size
- 541.1 KB
- MD5
- 02f476f6fa9dcc2b2038e284e70b292b
- SHA1
- 1bae8c889fbd088f6ea9c0cbf1e0152b69aa3350
Browser exploitation can seem to be a nearly unachievable task these days. ASLR, DEP, segregated processes and sandboxes have proven to be effective in abating exploits by attackers. Our expectation of browser security is so high, that in addition to bug bounty programs, competitions such as Pwn2Own and Pwnium have been formed around the core concept of weeding out dangerous bugs. But even with all the current protections, there is still attack surface not being exploited. We are, of course, talking about Chrome Extensions security bugs. These bugs can lead to extremely powerful attacks, which can effectively allow an attacker to take over your browser. In our workshop, we will demonstrate the power given to an attacker in a presence of a vulnerable extension, and present a tool which will assist in their practical exploitation.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
