Did I Vet You Before? Assessing the Chrome Web Store Vetting Process through Browser Extension Similarity
- URL: http://arxiv.org/abs/2406.00374v2
- Date: Mon, 26 Aug 2024 10:35:43 GMT
- Authors: José Miguel Moreno, Narseo Vallina-Rodriguez, Juan Tapiador
- Abstract summary: We characterize the prevalence of malware and other infringing extensions in the Chrome Web Store (CWS), the largest distribution platform for this type of software.
Our study reveals significant gaps in the CWS vetting process, as 86% of infringing extensions are extremely similar to previously vetted items.
Our study also reveals that only 1% of malware extensions flagged by the CWS are detected as malicious by anti-malware engines.
- Score: 3.7980955101286322
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Web browsers, particularly Google Chrome and other Chromium-based browsers, have grown in popularity over the past decade, with browser extensions becoming an integral part of their ecosystem. These extensions can customize and enhance the user experience, providing functionality that ranges from ad blockers to, more recently, AI assistants. Given the ever-increasing importance of web browsers, distribution marketplaces for extensions play a key role in keeping users safe by vetting submissions that display abusive or malicious behavior. In this paper, we characterize the prevalence of malware and other infringing extensions in the Chrome Web Store (CWS), the largest distribution platform for this type of software. To do so, we introduce SimExt, a novel methodology for detecting similarly behaving extensions that leverages static and dynamic analysis, Natural Language Processing (NLP) and vector embeddings. Our study reveals significant gaps in the CWS vetting process, as 86% of infringing extensions are extremely similar to previously vetted items, and these extensions take months or even years to be removed. By characterizing the top kinds of infringing extension, we find that 83% are New Tab Extensions (NTEs) and raise some concerns about the consistency of the vetting labels assigned by CWS analysts. Our study also reveals that only 1% of malware extensions flagged by the CWS are detected as malicious by anti-malware engines, indicating a concerning gap between the threat landscape seen by CWS moderators and the detection capabilities of the threat intelligence community.
Related papers
- From Blocking to Breaking: Evaluating the Impact of Adblockers on Web Usability [14.498659516878718]
We aim to assess the extent of web breakages caused by adblocking on live sites using automated tools.
The study also outlines the challenges and limitations encountered when measuring web breakages in real-time.
(2024-10-30T23:25:07Z)
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
(2024-09-29T07:22:47Z)
- What is in the Chrome Web Store? Investigating Security-Noteworthy Browser Extensions [1.2499537119440243]
This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS).
We leverage historical data provided by ChromeStats to study global trends in the CWS and security implications.
(2024-06-18T15:25:06Z)
- FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques [53.288368877654705]
FV8 is a modified V8 JavaScript engine designed to identify evasion techniques in JavaScript code.
It selectively enforces code execution on APIs that conditionally inject dynamic code.
It identifies 1,443 npm packages and 164 (82%) extensions containing at least one type of evasion.
(2024-05-21T19:54:19Z)
- Manifest V3 Unveiled: Navigating the New Era of Browser Extensions [53.288368877654705]
In 2020, Google announced a shift in extension development with Manifest Version 3 (V3), aiming to replace the previous Version 2 (V2) by January 2023.
This paper presents a comprehensive analysis of the Manifest V3 ecosystem.
(2024-04-12T08:09:26Z)
- Impact of Extensions on Browser Performance: An Empirical Study on Google Chrome [3.000496428347787]
We conduct an empirical study to understand the impact of extensions on the user-perceived performance of Google Chrome.
We observe that browser performance can be negatively impacted by the use of extensions, even when the extensions are used in unintended circumstances.
We identify a set of factors that significantly influence the performance impact of extensions, such as code complexity and privacy practices.
(2024-04-10T08:31:40Z)
- SENet: Visual Detection of Online Social Engineering Attack Campaigns [3.858859576352153]
Social engineering (SE) aims at deceiving users into performing actions that may compromise their security and privacy.
SEShield is a framework for in-browser detection of social engineering attacks.
(2024-01-10T22:25:44Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
(2023-03-20T17:25:22Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
(2020-10-30T15:27:44Z)
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
(2020-08-17T07:16:57Z)