Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers
[article]
2020
arXiv
pre-print
Due to the high degree of privilege extensions can hold, extensions have been abused to inject advertisements into web pages that divert revenue from content publishers and potentially expose users to ...
Browser vendors also provided extensions to enhance web browsers with additional useful capabilities that are not necessarily maintained or supported by default. ...
A line of work has focused on the problem of ad injection via browser extensions. Thomas et al. ...
arXiv:2001.03643v1
fatcat:gl5zp7vamfaqfhn4qenui6q55q
Web Application Security (Dagstuhl Seminar 12401)
2013
Dagstuhl Reports
In addition to the plenary program, the seminar also featured three parallel break-out sessions on Cross-Site Scripting (XSS), JavaScript and Information-flow control. ...
In Proceedings of the ACM international conference on Object oriented programming systems languages and applications, OOPSLA '12, New '10, pages 126-150. ...
Mario Heiderich discussed a novel set of scriptless injection attacks via Cascading Style Sheets (CSS), HTML, SVG and font files [34]. ...
doi:10.4230/dagrep.2.10.1
dblp:journals/dagstuhl-reports/DesmetJLS12
fatcat:qkke5ohg6fcblf5prpes3a4znm
SurroundWeb: Mitigating Privacy Concerns in a 3D Web Browser
2015
2015 IEEE Symposium on Security and Privacy
of renderable surfaces in a room; 2) the detection sandbox lets applications declaratively place content near recognized objects in the room without revealing if the object is present; and 3) satellite ...
These experiences are already present on smartphones and game consoles via Kinect, and will eventually emerge on the web platform. ...
CSS Extensions Web applications and pages use Cascading Style Sheets (CSS) to style and position content on the page. ...
doi:10.1109/sp.2015.33
dblp:conf/sp/VilkMLORMWG15
fatcat:c4jcy7xedjg7vhnuxigzlqzlxa
Neither Denied nor Exposed: Fixing WebRTC Privacy Leaks
2020
Future Internet
To this end, and for the sake of detecting and preventing in real time the execution of STUN/TURN clandestine, privacy-invading requests, we introduce two different kinds of solutions: (a) a browser extension ...
, and (b) an HTTP gateway, implemented in C++ as well as in Golang. ...
Namely, the browser cache is being used to store website documents like HTML files, Cascading Style Sheets (CSS), and JavaScript code in order to avoid downloading it again in future site visits. ...
doi:10.3390/fi12050092
fatcat:kwutkzyqmrcdbgaz26eswgkavu
Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses
[article]
2021
arXiv
pre-print
Style Sheets (CSS) and HTML, and works even when script execution is completely blocked. ...
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. ...
The authors thank Jamil Shusterman for his assistance in bringing up the measurement setup. ...
arXiv:2103.04952v1
fatcat:gmfmfyfew5aunkv7zwmiisfw7m
Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms
2016
Proceedings on Privacy Enhancing Technologies
To recover the lost control of users over their PII, we design and develop Formlock, a browser extension that warns the user when contact forms are using PII-leaking practices, and provides the ability ...
In this paper, we report on the first large-scale study of PII leakage via contact pages of the 100,000 most popular sites of the web. ...
Availability The prototype of the Formlock Chrome extension is available via the following code repository: https://github.com/ostarov/Formlock ...
doi:10.1515/popets-2015-0028
dblp:journals/popets/StarovGN16
fatcat:xxw32vzz75f7zeb33w2sdes6ii
Towards Usable Checksums
2018
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18
Also, we develop an extension for the popular Chrome browser that computes and verifies checksums of downloaded files automatically, and an extension for the WordPress CMS that developers can use to easily ...
Specifically, we propose an extension to the recent W3C specification for sub-resource integrity in order to provide integrity protection for download links. ...
These elements are used to include external style sheets (e.g., cascading style sheets, CSS) and scripts (e.g., JavaScript, JS) respectively. ...
doi:10.1145/3243734.3243746
dblp:conf/ccs/CherubiniMCHBH18
fatcat:sjoof57nujc27ozrhjaufdnbva
That is, they run the scripts associated with a web page either directly in a real browser (running in a virtualized environment) or in an emulated browser, and they monitor the scripts' executions for ...
We automatically derive detection models that use these features using machine-learning techniques applied to labeled datasets. ...
We do not currently extract features from CSS files, even though some exploits rely on malicious style sheets. This is left as future work. ...
doi:10.1145/1963405.1963436
dblp:conf/www/CanaliCVK11
fatcat:tk3jauwshne5rjww5hexqyfco4
The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion
[article]
2021
arXiv
pre-print
built-in to the browser, or as a DNS resolver. ...
Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms, deployed as a browser extension, ...
Background
Web browser requests Upon visiting a web page, the browser will make various requests to fetch embedded resources such as scripts, style sheets and images. ...
arXiv:2102.09301v3
fatcat:ucd3y42ktvgdrekyxkhaofekn4
A Study on the Use of Checksums for Integrity Verification of Web Downloads
2020
ACM Transactions on Privacy and Security
Second, after a 4-month-long in-the-wild experiment with 134 participants, we demonstrate how our proposed solution, a Chrome extension that verifies checksums automatically, significantly reduces human errors ...
First, by means of an in-situ experiment with 40 participants and eye-tracking technology, we show that the process is cumbersome and error-prone. ...
These elements are used to include external style sheets (e.g., cascading style sheets, CSS) and scripts (e.g., JavaScript, JS), respectively. ...
doi:10.1145/3410154
fatcat:ztayvw25vvgstfauia7xpqiigq
The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion
2021
Proceedings on Privacy Enhancing Technologies
, DNS resolvers, or built-in to the browser. ...
Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms that are deployed as browser extensions ...
Background
Web browser requests Upon visiting a web page, the browser will make various requests to fetch embedded resources such as scripts, style sheets and images. ...
doi:10.2478/popets-2021-0053
fatcat:5siluhaxsbeqtb74y653yryysm
Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions
2018
IEEE Security and Privacy
Browser extensions have been established as a common feature present in modern browsers. ...
In this paper, we raise the awareness of the threats caused by browser extensions by presenting a botnet framework based on malicious extensions installed in the user's browser, and an exhaustive range ...
Additional pages such as HTML or style sheets may also be included within the extension provided they are declared within the manifest. ...
doi:10.1109/msp.2018.3111249
fatcat:6umux6h3wzal3cr26wo7443h4u
Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions
[article]
2017
arXiv
pre-print
Browser extensions have been established as a common feature present in modern browsers. ...
In this paper, we raise the awareness of the threats caused by browser extensions by presenting a botnet framework based on malicious extensions installed in the user's browser, and an exhaustive range ...
Additional pages such as HTML or style sheets may also be included within the extension provided they are declared within the manifest. ...
arXiv:1709.09577v1
fatcat:pkmywy66dvhdlixlcnzvt6ap3u
Webzeitgeist
2013
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13
Advances in data mining and knowledge discovery have transformed the way Web sites are designed. ...
This idea is manifest in Webzeitgeist, a platform for large-scale design mining comprising a repository of over 100,000 Web pages and 100 million design elements. ...
Moreover, Webzeitgeist's extensible architecture allows new data to be collected and integrated with the repository for supervised learning applications, for instance via crowdsourcing. ...
doi:10.1145/2470654.2466420
dblp:conf/chi/KumarSTLAKT13
fatcat:7uv72ozh3jbmde3xg2mcrautby
Slitheen
2016
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16
Further, we show how recent innovations in traffic-shaping technology for ISPs mitigate previous deployability challenges. ...
Artificial latency introduced by the system, as well as differences in packet sizes and timings betray their use to a censor capable of performing basic packet and latency analysis. ...
various resources such as cascading style sheets (CSS), JavaScript, images, and videos. ...
doi:10.1145/2976749.2978312
dblp:conf/ccs/BocovichG16
fatcat:ftzjstgfrbhprm2dsicpcwyyza