{"id":"https://openalex.org/W4396722450","doi":"https://doi.org/10.1145/3589334.3645683","title":"Experimental Security Analysis of Sensitive Data Access by Browser Extensions","display_name":"Experimental Security Analysis of Sensitive Data Access by Browser Extensions","publication_year":2024,"publication_date":"2024-05-08","ids":{"openalex":"https://openalex.org/W4396722450","doi":"https://doi.org/10.1145/3589334.3645683"},"language":"en","primary_location":{"id":"doi:10.1145/3589334.3645683","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3589334.3645683","pdf_url":null,"source":null,"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3589334.3645683","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5079194336","display_name":"Asmit Nayak","orcid":"https://orcid.org/0009-0005-7143-2892"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Asmit Nayak","raw_affiliation_strings":["University of Wisconsin - Madison, Madison, WI, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin - Madison, Madison, WI, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103085010","display_name":"Rishabh Khandelwal","orcid":"https://orcid.org/0000-0003-3276-5764"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rishabh Khandelwal","raw_affiliation_strings":["University of Wisconsin - Madison, Madison, WI, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin - Madison, Madison, WI, USA","institution_ids":["https://openalex.org/I135310074"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060924315","display_name":"Earlence Fernandes","orcid":"https://orcid.org/0000-0001-8593-2840"},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Earlence Fernandes","raw_affiliation_strings":["University of California, San Diego, San Diego, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, San Diego, San Diego, CA, USA","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042450214","display_name":"Kassem Fawaz","orcid":"https://orcid.org/0000-0002-4609-7691"},"institutions":[{"id":"https://openalex.org/I135310074","display_name":"University of Wisconsin\u2013Madison","ror":"https://ror.org/01y2jtd41","country_code":"US","type":"education","lineage":["https://openalex.org/I135310074"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kassem Fawaz","raw_affiliation_strings":["University of Wisconsin - Madison, Madison, WI, USA"],"affiliations":[{"raw_affiliation_string":"University of Wisconsin - Madison, Madison, WI, USA","institution_ids":["https://openalex.org/I135310074"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5079194336"],"corresponding_institution_ids":["https://openalex.org/I135310074"],"apc_list":null,"apc_paid":null,"fwci":2.0535,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.87017804,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1283","last_page":"1294"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7952509522438049},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7060356736183167},{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.6805094480514526},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5902019739151001},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.49296045303344727},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.45990535616874695},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.4537624716758728}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7952509522438049},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7060356736183167},{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.6805094480514526},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5902019739151001},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.49296045303344727},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.45990535616874695},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.4537624716758728},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3589334.3645683","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3589334.3645683","pdf_url":null,"source":null,"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3589334.3645683","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3589334.3645683","pdf_url":null,"source":null,"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7005532715","display_name":null,"funder_award_id":"CNS-1942014, CNS-2003129, CNS-2247381","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1852822942","https://openalex.org/W2040977706","https://openalex.org/W2069054745","https://openalex.org/W2087275540","https://openalex.org/W2766514849","https://openalex.org/W2800445785","https://openalex.org/W2891060526","https://openalex.org/W2952419531","https://openalex.org/W2963619203","https://openalex.org/W2964194794","https://openalex.org/W2997928619","https://openalex.org/W2998074434","https://openalex.org/W4221143046","https://openalex.org/W4229007013","https://openalex.org/W4283705032","https://openalex.org/W6600137863"],"related_works":["https://openalex.org/W2374086689","https://openalex.org/W3176279093","https://openalex.org/W2373945265","https://openalex.org/W2370203001","https://openalex.org/W1912565424","https://openalex.org/W4246410201","https://openalex.org/W2385081216","https://openalex.org/W2392327727","https://openalex.org/W2959939328","https://openalex.org/W107495730"],"abstract_inverted_index":{"Browser":[0],"extensions":[1,29,159],"offer":[2],"a":[3,13,69,92,205,223],"variety":[4],"of":[5,57,117,184],"valuable":[6],"features":[7],"and":[8,32,45,124,149,172,222],"functionalities.":[9],"They":[10],"also":[11,152],"pose":[12],"significant":[14],"security":[15,59,244],"risk":[16],"if":[17,104],"not":[18],"properly":[19],"designed":[20],"or":[21],"reviewed.":[22],"Prior":[23],"works":[24],"have":[25,166],"shown":[26],"that":[27,72,80,115,133,164,226],"browser":[28,63],"can":[30,73,125],"access":[31,107,169],"manipulate":[33],"data":[34,38],"fields,":[35,221],"including":[36,144],"sensitive":[37,75,170,219,233,248],"such":[39],"as":[40],"passwords,":[41],"credit":[42],"card":[43],"numbers,":[44],"Social":[46],"Security":[47],"numbers.":[48],"In":[49],"this":[50],"paper,":[51],"we":[52,66,131,189,197],"present":[53],"an":[54,191,230],"empirical":[55],"study":[56,94],"the":[58,81,84,96,105,118,181,185,239],"risks":[60],"posed":[61],"by":[62,212],"extensions.":[64],"Specifically,":[65],"first":[67],"build":[68],"proof-of-concept":[70],"extension":[71,82,106,231],"steal":[74],"user":[76,249],"information.":[77],"We":[78,89,113,151],"find":[79,114],"passes":[83],"Chrome":[85,156],"Webstore":[86],"review":[87],"process.":[88],"then":[90],"perform":[91],"measurement":[93],"on":[95],"top":[97],"10K":[98],"website":[99,213],"login":[100],"pages":[101],"to":[102,108,168,201,217,246],"check":[103],"password":[109,119,175],"fields":[110,120,171,176],"via":[111],"JS.":[112,129],"none":[116],"are":[121],"actively":[122],"protected,":[123],"be":[126],"accessed":[127],"using":[128],"Moreover,":[130],"found":[132],"1K":[134],"websites":[135,146],"store":[136,174],"passwords":[137],"in":[138,140,177],"plaintext":[139],"their":[141],"page":[142],"source,":[143],"popular":[145],"like":[147],"Google.com":[148],"Cloudflare.com.":[150],"analyzed":[153],"over":[154],"160K":[155],"Web":[157],"Store":[158],"for":[160,209,242],"malicious":[161,187],"behavior,":[162],"finding":[163],"28K":[165],"permission":[167],"190":[173],"variables.":[178],"To":[179],"analyze":[180],"behavioral":[182],"workflow":[183],"potentially":[186],"extensions,":[188],"propose":[190],"LLM-driven":[192],"framework,":[193],"Extension":[194],"Reviewer.":[195],"Finally,":[196],"discuss":[198],"two":[199],"countermeasures":[200],"address":[202],"these":[203],"risks:":[204],"bolt-on":[206],"JavaScript":[207],"package":[208],"immediate":[210],"adoption":[211],"developers":[214],"allowing":[215],"them":[216],"protect":[218,247],"input":[220,234],"browser-level":[224],"solution":[225],"alerts":[227],"users":[228],"when":[229],"accesses":[232],"fields.":[235],"Our":[236],"research":[237],"highlights":[238],"urgent":[240],"need":[241],"improved":[243],"measures":[245],"information":[250],"online.":[251]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}