
Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers [article]

Sajjad Arshad
2020 arXiv   pre-print
Due to the high degree of privilege extensions can hold, extensions have been abused to inject advertisements into web pages that divert revenue from content publishers and potentially expose users to  ...  Browser vendors also provided extensions to enhance web browsers with additional useful capabilities that are not necessarily maintained or supported by default.  ...  A line of work has focused on the problem of ad injection via browser extensions. Thomas et al.  ... 
arXiv:2001.03643v1 fatcat:gl5zp7vamfaqfhn4qenui6q55q

Web Application Security (Dagstuhl Seminar 12401)

Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld, Marc Herbstritt
2013 Dagstuhl Reports  
In addition to the plenary program, the seminar also featured three parallel break-out sessions on Cross-Site Scripting (XSS), JavaScript and Information-flow control.  ...  In Proceedings of the ACM international conference on Object oriented programming systems languages and applications, OOPSLA '12, New '10, pages 126-150.  ...  Mario Heiderich discussed a novel set of scriptless injection attacks via Cascading Style Sheets (CSS), HTML, SVG and font files [34] .  ... 
doi:10.4230/dagrep.2.10.1 dblp:journals/dagstuhl-reports/DesmetJLS12 fatcat:qkke5ohg6fcblf5prpes3a4znm

SurroundWeb: Mitigating Privacy Concerns in a 3D Web Browser

John Vilk, David Molnar, Benjamin Livshits, Eyal Ofek, Chris Rossbach, Alexander Moshchuk, Helen J. Wang, Ran Gal
2015 2015 IEEE Symposium on Security and Privacy  
of renderable surfaces in a room; 2) the detection sandbox lets applications declaratively place content near recognized objects in the room without revealing if the object is present; and 3) satellite  ...  These experiences are already present on smartphones and game consoles via Kinect, and will eventually emerge on the web platform.  ...  CSS Extensions Web applications and pages use Cascading Style Sheets (CSS) to style and position content on the page.  ... 
doi:10.1109/sp.2015.33 dblp:conf/sp/VilkMLORMWG15 fatcat:c4jcy7xedjg7vhnuxigzlqzlxa

Neither Denied nor Exposed: Fixing WebRTC Privacy Leaks

Alexandros Fakis, Georgios Karopoulos, Georgios Kambourakis
2020 Future Internet  
To this end, and for the sake of detecting and preventing in real time the execution of STUN/TURN clandestine, privacy-invading requests, we introduce two different kinds of solutions: (a) a browser extension  ...  , and (b) an HTTP gateway, implemented in C++ as well as in Golang.  ...  Namely, the browser cache is being used to store website documents like HTML files, Cascading Style Sheets (CSS), and JavaScript code in order to avoid downloading it again in future site visits.  ... 
doi:10.3390/fi12050092 fatcat:kwutkzyqmrcdbgaz26eswgkavu

Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses [article]

Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, Yuval Yarom
2021 arXiv   pre-print
Style Sheets (CSS) and HTML, and works even when script execution is completely blocked.  ...  The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested.  ...  The authors thank Jamil Shusterman for his assistance in bringing up the measurement setup.  ... 
arXiv:2103.04952v1 fatcat:gmfmfyfew5aunkv7zwmiisfw7m

Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms

Oleksii Starov, Phillipa Gill, Nick Nikiforakis
2016 Proceedings on Privacy Enhancing Technologies  
To recover the lost control of users over their PII, we design and develop Formlock, a browser extension that warns the user when contact forms are using PII-leaking practices, and provides the ability  ...  In this paper, we report on the first large-scale study of PII leakage via contact pages of the 100,000 most popular sites of the web.  ...  Availability The prototype of the Formlock Chrome extension is available via the following code repository: https://github.com/ostarov/Formlock  ... 
doi:10.1515/popets-2015-0028 dblp:journals/popets/StarovGN16 fatcat:xxw32vzz75f7zeb33w2sdes6ii

Towards Usable Checksums

Mauro Cherubini, Alexandre Meylan, Bertil Chapuis, Mathias Humbert, Igor Bilogrevic, Kévin Huguenin
2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18  
Also, we develop an extension for the popular Chrome browser that computes and verifies checksums of downloaded files automatically, and an extension for the WordPress CMS that developers can use to easily  ...  Specifically, we propose an extension to the recent W3C specification for sub-resource integrity in order to provide integrity protection for download links.  ...  These elements are used to include external style sheets (e.g., cascading style sheets-CSS) and scripts (e.g., JavaScript-JS) respectively.  ... 
doi:10.1145/3243734.3243746 dblp:conf/ccs/CherubiniMCHBH18 fatcat:sjoof57nujc27ozrhjaufdnbva

Prophiler

Davide Canali, Marco Cova, Giovanni Vigna, Christopher Kruegel
2011 Proceedings of the 20th international conference on World wide web - WWW '11  
That is, they run the scripts associated with a web page either directly in a real browser (running in a virtualized environment) or in an emulated browser, and they monitor the scripts' executions for  ...  We automatically derive detection models that use these features using machine-learning techniques applied to labeled datasets.  ...  We do not currently extract features from CSS files, even though some exploits rely on malicious style sheets. This is left as future work.  ... 
doi:10.1145/1963405.1963436 dblp:conf/www/CanaliCVK11 fatcat:tk3jauwshne5rjww5hexqyfco4

The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion [article]

Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, Tom Van Goethem
2021 arXiv   pre-print
built-in to the browser, or as a DNS resolver.  ...  Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms, deployed as a browser extension,  ...  Background Web browser requests Upon visiting a web page, the browser will make various requests to fetch embedded resources such as scripts, style sheets and images.  ... 
arXiv:2102.09301v3 fatcat:ucd3y42ktvgdrekyxkhaofekn4

A Study on the Use of Checksums for Integrity Verification of Web Downloads

Alexandre Meylan, Mauro Cherubini, Bertil Chapuis, Mathias Humbert, Igor Bilogrevic, Kévin Huguenin
2020 ACM Transactions on Privacy and Security  
Second, after a 4-month-long in-the-wild experiment with 134 participants, we demonstrate how our proposed solution-a Chrome extension that verifies checksums automatically-significantly reduces human errors  ...  First, by means of an in-situ experiment with 40 participants and eye-tracking technology, we show that the process is cumbersome and error-prone.  ...  These elements are used to include external style sheets (e.g., cascading style sheets-CSS) and scripts (e.g., JavaScript-JS), respectively.  ... 
doi:10.1145/3410154 fatcat:ztayvw25vvgstfauia7xpqiigq

The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion

Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, Tom Van Goethem
2021 Proceedings on Privacy Enhancing Technologies  
, DNS resolvers, or built-in to the browser.  ...  Online tracking is a whack-a-mole game between trackers who build and monetize behavioral user profiles through intrusive data collection, and anti-tracking mechanisms that are deployed as browser extensions  ...  Background Web browser requests Upon visiting a web page, the browser will make various requests to fetch embedded resources such as scripts, style sheets and images.  ... 
doi:10.2478/popets-2021-0053 fatcat:5siluhaxsbeqtb74y653yryysm

Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions

Raffaello Perrotta, Feng Hao
2018 IEEE Security and Privacy  
Browser extensions have been established as a common feature present in modern browsers.  ...  In this paper, we raise the awareness of the threats caused by browser extensions by presenting a botnet framework based on malicious extensions installed in the user's browser, and an exhaustive range  ...  Additional pages such as HTML or style sheets may also be included within the extension provided they are declared within the manifest.  ... 
doi:10.1109/msp.2018.3111249 fatcat:6umux6h3wzal3cr26wo7443h4u

Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions [article]

Raffaello Perrotta, Feng Hao
2017 arXiv   pre-print
Browser extensions have been established as a common feature present in modern browsers.  ...  In this paper, we raise the awareness of the threats caused by browser extensions by presenting a botnet framework based on malicious extensions installed in the user's browser, and an exhaustive range  ...  Additional pages such as HTML or style sheets may also be included within the extension provided they are declared within the manifest.  ... 
arXiv:1709.09577v1 fatcat:pkmywy66dvhdlixlcnzvt6ap3u

Webzeitgeist

Ranjitha Kumar, Arvind Satyanarayan, Cesar Torres, Maxine Lim, Salman Ahmad, Scott R. Klemmer, Jerry O. Talton
2013 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13  
Advances in data mining and knowledge discovery have transformed the way Web sites are designed.  ...  This idea is manifest in Webzeitgeist, a platform for large-scale design mining comprising a repository of over 100,000 Web pages and 100 million design elements.  ...  Moreover, Webzeitgeist's extensible architecture allows new data to be collected and integrated with the repository for supervised learning applications, for instance via crowdsourcing.  ... 
doi:10.1145/2470654.2466420 dblp:conf/chi/KumarSTLAKT13 fatcat:7uv72ozh3jbmde3xg2mcrautby

Slitheen

Cecylia Bocovich, Ian Goldberg
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
Further, we show how recent innovations in traffic-shaping technology for ISPs mitigate previous deployability challenges.  ...  Artificial latency introduced by the system, as well as differences in packet sizes and timings betray their use to a censor capable of performing basic packet and latency analysis.  ...  various resources such as cascading style sheets (CSS), JavaScript, images, and videos.  ... 
doi:10.1145/2976749.2978312 dblp:conf/ccs/BocovichG16 fatcat:ftzjstgfrbhprm2dsicpcwyyza