<p>Chrome browser extensions have become very popular among the users of Google Chrome and hence they are used by attackers to perform malicious activities which lead to loss of user’s sensitive data or damage to the user’s system. In this study, we have done an analysis on the security of the Chrome extension development APIs. We have used the STRIDE approach to identify the possible threats of the Chrome specific APIs which are used for extension development. The analysis results show that 23 out of the 63 Chrome specific APIs are having various threats as per the STRIDE approach. Information disclosure is the threat faced by many APIs followed by tampering. This threat analysis result can be used as reference for a tool which can detect whether the extension is malicious or not by deeply analysing the ways in which the APIs having threats are used in the extension code. © Springer Nature Singapore Pte Ltd. 2017.</p>
cited By 0; Conference of 5th International Conference on Frontiers in Intelligent Computing Theory and Applications, FICTA 2016 ; Conference Date: 16 September 2016 Through 17 September 2016; Conference Code:189629
P. K. Akshay Dev and Jevitha, K. P., “Stride based analysis of the chrome browser extensions API”, Advances in Intelligent Systems and Computing, vol. 516, pp. 169-178, 2017.