Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Sneaky Extensions - Bypassing MV3 Security in Browser Extensions

DEFCONConference via YouTube

Overview

Explore critical browser extension security vulnerabilities in this DEF CON conference talk that examines the rise of malicious extensions amid increased browser usage during remote work. Learn about the transition from MV2 to MV3 extension models and discover how attackers bypass security measures while requiring minimal permissions commonly granted to 95% of Chrome store extensions. Understand techniques for unauthorized access to webcam feeds, audio streams, clipboard data, and credential theft from password managers. Dive into methods for circumventing MV3's restrictions on arbitrary code execution and examine how malicious extensions can compromise sensitive data from other extensions, including credit card information, passwords, and OTPs. Gain insights into proposed improvements for the extension security model to address these security gaps and protect users from emerging threats.

Syllabus

DEF CON 32 - Sneaky Extensions The MV3 Escape Artists - Vivek Ramachandran, Shourya Pratap Singh

Taught by

DEFCONConference

Reviews

Start your review of Sneaky Extensions - Bypassing MV3 Security in Browser Extensions

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.