![]() These third-party libraries are regularly updated to address security vulnerabilities, but it is up to extension developers to ensure that these updates are included in extensions. The site the user is visiting may itself be legitimate, but could still end up serving as a conduit for an attack by an ad network that’s been duped into serving malicious content.Īdditionally, like many other types of software available today, extension developers often use third-party libraries to construct extensions. Not only do outright malicious extensions exist, but legitimate, benign extensions with vulnerable Javascript can be attacked by malicious content on a page unintentionally loaded by the user. Extensions have access to powerful functionality within the context of a browser, and as a result, there have been instances when this functionality has been abused by malicious actors. We’ve written before about some of Chrome’s security features, such as the push to drop Flash.Īs with all browsers that support third-party extensibility through extensions, applying a universal security experience can be challenging. From the beginning, Chrome has focused on developing a secure browsing experience and has led the way on numerous improvements within the browser ecosystem. Google Chrome is currently the world’s most widely used browser, with more than 60 percent of users using Chrome. And they wondered why their internet was slow. Ever since these heady days of the young consumer internet, there have been several models for browser customization - from heavy-handed interfaces like Internet Explorer’s ActiveX and the Netscape Plugin API, to the menagerie of toolbars that we dreaded seeing on relatives’ computers. Browsers previously didn’t provide any mechanism for users to customize their browser.įrom this point, the range of functionality provided by toolbars, plugins and extensions exploded. IE 4.0 provided a means for third-party developers to add entries to the right-click menu. ![]() The browser world was never the same again. ![]() On one fateful October day, Microsoft published Internet Explorer 4.0. Internet Explorer and Netscape Navigator were rapidly releasing new versions in an effort to one-up the features of the other. Gather round, children, and let me tell you a tale of the dark period that came to be known as the first Browser War. Remember When 'You've Got Mail!' Was Exciting? We’ll discuss the analysis and enterprise management features later in this post. To provide users and IT teams with actionable intelligence about Chrome extensions, Duo Labs is excited to announce the public beta of CRXcavator (rhymes with “excavator”), a free service that analyzes Chrome extensions and produces comprehensive security reports. These extensions are often overlooked when it comes to assessing the security of user endpoints, even though they have increasing access to personal and corporate data with the widespread usage of Software-as-a-Service (SaaS) tools for presentations, taxes or email clients. While the Chrome browser provides perhaps the most secure browsing experience available, it is often difficult for people and organizations to know which third-party extensions are compatible with their risk profile. Just like Google, Duo has deep interest in a secure and trustworthy browser and extension ecosystem. ![]() While browser security has progressed dramatically and modern browsers, such as Chrome, provide critical security features like automated updates and built-in protection against malicious content the powerful capabilities of browser extensions can introduce critical risks that are often unclear to users. Duo Labs FebruJacob Rickerd Kyle Lady Steve Edwards Josh Yavor Democratizing Chrome Extension SecurityĪs our portal to the internet, browsers represent what is likely the largest common attack surface across consumers and businesses alike. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |