Browser extensions are small programs that add new features to browsers and personalize the browsing experience. They greatly empower user experience on today’s web, with popular extensions like AdBlock having over 10 million downloads. Yet due to their elevated privileges, browser extensions pose major privacy and security challenges. Companies like Google and Facebook have often fallen victims to malicious extensions injecting fake content, such as fake ads, and stealing user information.
“To address these privacy and security challenges, our research deploys a range of techniques from sandboxing to information-flow and data-flow analysis for detecting malicious and vulnerable extensions. We look forward to collaborating with Facebook on this challenging and exciting topic” says Andrei Sabelfeld, professor in information security.
The importance of information security
Software is at the heart of modern computing systems while at the same time being the hardest to get right. Vulnerabilities and bugs open for lucrative attacks, as recently seen in the cyberattacks on Colonial Pipeline in the US and Coop in Sweden.
“My research agenda is to build in security and privacy in the early phases of software and system construction and to design principled frameworks for prevention, detection, and mitigation of vulnerabilities,” says Andrei Sabelfeld.
Written by Julia Persson