Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome’s official extension repository has more than 63,000 extensions, with some of them having more than 10M users. When installed, extensions are pushed into an internal queue within the browser. The order in which each extension executes depends on a number of factors, including their relative installation times. In this paper, we demonstrate how this order can be exploited by an unprivileged malicious extension (i.e., one with no more permissions than those already assigned when accessing web content) to get access to any private information that other extensions have previously introduced. We propose a solution that does not require modifying the core browser engine, since it is implemented as another browser extension. We prove that our approach effectively protects the user against usual attackers (i.e., any other installed extension) as well as against strong attackers having access to the effects of all installed extensions (i.e., knowing who did what). We also prove soundness and robustness of our approach under reasonable assumptions.

浏览器扩展是在浏览器上下文中执行的小型应用程序，可提供附加功能并在上网时丰富用户体验。在当前浏览器中接受扩展是毫无疑问的。例如，Chrome的官方扩展程序存储库拥有63,000多个扩展程序，其中一些拥有1000万以上的用户。安装后，扩展将被推送到浏览器的内部队列中。每个扩展的执行顺序取决于许多因素，包括它们的相对安装时间。在本文中，我们演示了无特权的恶意扩展（即，没有比访问Web内容时分配的权限更多的权限）可以利用此命令来访问其他扩展先前引入的任何私有信息。我们提出一种不需要修改核心浏览器引擎的解决方案，因为它是作为另一个浏览器扩展实现的。我们证明我们的方法有效地保护了用户免受通常的攻击者（即，任何其他已安装的扩展程序）以及强大的攻击者都可以访问所有已安装的扩展程序的效果（即，知道谁做了什么）。我们还证明了在合理假设下我们方法的稳健性和稳健性。