A user may decide to download and install a browser extension to provide desired functionality that is not provided by the browser itself. When invoked, the browser extension can perform various tasks, depending on the objective of the browser extension. For instance, a browser extension may access and extract content provided by a web page with which the user is interacting and then perform any type of operation on the extracted content. In addition, or alternatively, the browser extension can modify the content presented by the web page. In addition, or alternatively, the browser extension can access the user's browsing history and/or perform other operations which affect local storage. In addition, or alternatively, the browser extension can interact with other network-accessible third-party entities. For example, the browser extension can potentially transfer content extracted from a web page to a third-party entity, such as another website. Or a browser extension can obtain information from a third-party source and apply it to a web page that the user is viewing. These operations are cited by way of example, not limitation; browser extensions can perform yet other tasks.
The above-noted functions performed by browser extensions raise security concerns. For example, assume that a user is currently interacting with a bank-related website. A malicious extension can potentially overstep its stated functions and extract personal information regarding the user (such as the user's password), which it can then potentially send to a third-party entity. In addition, or alternatively, a malicious extension can modify the content of a web page in an undesirable manner, which may provide misinformation to the user and/or prompt the user to perform harmful actions.
In view of the above concerns, browser providers have adopted various approaches to reduce the security risks associated with browser extensions. In a community-review approach, a browser provider may subject a newly created browser extension to community review. If the browser extension passes this review, the browser provider can add the browser extension to a collection of downloadable extensions. A browser can be configured such that it will not install a browser extension that does not originate from a trusted source. The authenticity of a browser extension can be assessed based on a signature-bearing certificate which accompanies the browser extension.
In a runtime privilege-checking approach, a browser provider can provide a manifest which accompanies the browser extension. The manifest specifies the privileges that are granted to the browser extension. When a user attempts to install such a browser extension, the browser can access the manifest and display the privileges associated with the browser extension. For example, the displayed privileges may indicate the nature and scope of the content that will be accessed by the browser extension. The displayed privileges may also indicate whether the browser extension is permitted to access the user's browsing history. If the user deems the privileges acceptable, he or she may agree to install the browser extension. Next assume that, during the runtime execution of the browser extension, the browser extension attempts to perform an operation which is outside the bounds of the privileges specified in the manifest. The browser can refuse to perform the operation and attempt to unload the browser extension, potentially informing the user about the unexpected extension behavior.
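The runtime privilege-checking approach described above can be sketched as a small reference monitor. This is an added example, not code from the original text or from any browser; the manifest schema, the `ExtensionMonitor` class, the operation names and the `.example` URLs are all hypothetical and constructed for illustration.

```javascript
// Hypothetical manifest schema, constructed for this example (not a real browser's format).
const manifest = {
  name: "price-helper",
  contentAccess: ["https://shop.example/*"], // pages whose content may be read
  history: false,                            // browsing-history access not granted
  network: ["https://api.prices.example"],   // third-party origins it may contact
};

// Turn a "*" wildcard pattern into an anchored RegExp, escaping everything else.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$");
}

class ExtensionMonitor {
  constructor(manifest) {
    this.manifest = manifest;
    this.loaded = true;
    this.notices = []; // messages the browser would surface to the user
  }

  // Decide whether one requested operation falls inside the declared privileges.
  isAllowed(op) {
    switch (op.type) {
      case "readContent":
        return this.manifest.contentAccess.some((p) => patternToRegExp(p).test(op.url));
      case "readHistory":
        return this.manifest.history === true;
      case "send":
        try { return this.manifest.network.includes(new URL(op.url).origin); }
        catch { return false; } // malformed URL: deny
      default:
        return false; // operations the manifest cannot express are denied
    }
  }

  // Runtime check: refuse an out-of-bounds operation, unload, and record a notice.
  request(op) {
    if (!this.loaded) return "unloaded";
    if (this.isAllowed(op)) return "allowed";
    this.loaded = false;
    this.notices.push(`${this.manifest.name}: "${op.type}" is outside the manifest`);
    return "denied";
  }
}
```

Anchoring the pattern and comparing whole origins means a look-alike host such as `shop.example.evil.test` does not match the `shop.example` grant.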
The above-described approaches are not fully satisfactory for illustrative reasons set forth herein.