add-ons
2023
- Why browser extension games need access to all websites
- Another cluster of potentially malicious Chrome extensions
- Introducing PCVARK and their malicious ad blockers
- How malicious extensions hide running arbitrary code
- More malicious extensions in Chrome Web Store
- Malicious code in PDF Toolbox extension
- Online Security extension: Destroying privacy for no good reason
- TouchEn nxKey: The keylogging anti-keylogger solution
2022
- Scirge: When your employer mandates spyware
- When extension pages are web-accessible
- Attack surface of extension pages
- Impact of extension privileges
- Anatomy of a basic extension
- Hijacking webcams with Screencastify
- Adobe Acrobat hollowing out same-origin policy
- Party time: Injecting code into Teleparty extension
- Skype extension: All functionality broken? Still exploitable!
2021
- Yes, fun browser extensions can have vulnerabilities too!
- Abusing Keepa Price Tracker to track users on Amazon pages
- Breaking Custom Cursor to p0wn the web
- Data exfiltration in Keepa Price Tracker
- Having fun with CSS injection in a browser extension
- Universal XSS in Ninja Cookie extension
- Print Friendly & PDF: Full compromise