

Episode 95: Attacking Chrome Extensions with MatanBer - Big Impact on the Client-Side
Oct 31, 2024
In this enlightening discussion, MatanBer, an expert in browser extension security, shares his insights on the intricate architecture of Chrome extensions. The conversation dives into threat models, focusing on content scripts and service workers, and highlights vulnerabilities in isolated environments. Key topics include the nuances of message passing and the security risks posed by poorly secured implementations. MatanBer also unpacks clickjacking and phishing scenarios, stressing the critical need for robust security measures to prevent exploitation.
Chapters
Intro
00:00 • 2min
Understanding Browser Extension Security
01:54 • 17min
Navigating Chrome Extensions and Security
18:25 • 7min
Understanding Chrome Extension Security and Attack Vectors
25:24 • 4min
Understanding Chrome Extension Security
29:18 • 4min
Exploring Shadow DOM and Security Risks in Browser Extensions
33:36 • 9min
Exploiting Content Scripts in Chrome Extensions
42:48 • 6min
Exploiting Browser Extensions: XSS Risks and Vulnerabilities
49:05 • 17min
Exploiting Browser Extensions: A Phishing Deep Dive
01:05:36 • 4min
Navigating Browser History Manipulation
01:09:27 • 7min
Exploiting Chrome Extensions: An In-Depth Analysis
01:16:19 • 9min
Exploring Service Workers and Communication in Browser Extensions
01:25:17 • 5min
Connecting Chrome Extension Scripts
01:29:57 • 10min
Unraveling Chrome Extension Vulnerabilities
01:39:54 • 16min