CBEAT: Chrome Browser Extension Analysis Tool

Abstract

With exponential increased usage of browser extensions for smooth and effortless browsing experience, preventing exposure of user’s private and sensitive data for malicious intent becomes a perpetual challenging task for security researchers. To address this potential threat, extensive work has been carried out to develop a Chrome Browser Extension Analysis Tool, CBEAT. Exclusivity of CBEAT lies in performing holistic analysis combining manifest analysis and JavaScript static taint analysis of manifest and JavaScript files of Chrome Extensions. CBEAT calculates an extension score based on both analysis mentioned above. This score is subsequently used to arrive at classification of the extension and classified as high, medium and low in exposing user’s private and sensitive data. Out of tested Chrome extensions, this paper finds 40% of them as low, 32% as medium and 28% as high.