English
Related papers

Related papers: After You, Please: Browser Extensions Order Attack…

200 papers

We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine -- to…

Cryptography and Security · Computer Science 2015-03-03 Yossef Oren , Vasileios P. Kemerlis , Simha Sethumadhavan , Angelos D. Keromytis

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work…

Cryptography and Security · Computer Science 2025-10-16 Anuj Gautam , Tarun Yadav , Garrett Smith , Kent Seamons , Scott Ruoti

In this work, we perform a comprehensive analysis of the security of text input fields in web browsers. We find that browsers' coarse-grained permission model violates two security design principles: least privilege and complete mediation.…

Cryptography and Security · Computer Science 2023-09-01 Asmit Nayak , Rishabh Khandelwal , Kassem Fawaz

In the standard web browser programming model, third-party scripts included in an application execute with the same privilege as the application's own code. This leaves the application's confidential data vulnerable to theft and leakage by…

Cryptography and Security · Computer Science 2023-05-09 Abhishek Bichhawat , Vineet Rajani , Jinank Jain , Deepak Garg , Christian Hammer

Open proxies forward traffic on behalf of any Internet user. Listed on open proxy aggregator sites, they are often used to bypass geographic region restrictions or circumvent censorship. Open proxies sometimes also provide a weak form of…

Cryptography and Security · Computer Science 2018-06-28 Akshaya Mani , Tavish Vaidya , David Dworken , Micah Sherr

This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS). We leverage historical data provided by ChromeStats to study global trends in the CWS and security implications. We first highlight the extremely…

Cryptography and Security · Computer Science 2024-06-19 Sheryl Hsu , Manda Tran , Aurore Fass

Modern websites include various types of third-party content such as JavaScript, images, stylesheets, and Flash objects in order to create interactive user interfaces. In addition to explicit inclusion of third-party content by website…

Cryptography and Security · Computer Science 2020-02-17 Sajjad Arshad , Amin Kharraz , William Robertson

The web browser is one of the major channels to access the Internet on mobile devices. Based on the smartphone usage logs from millions of real-world Android users, it is interesting to find that about 38% users have more than one browser…

Software Engineering · Computer Science 2017-12-01 Yun Ma , Shuailiang Dong

The growth of digitalization services via web browsers has simplified our daily routine of doing business. But at the same time, it has made the web browser very attractive for several cyber-attacks. Web phishing is a well-known cyberattack…

Cryptography and Security · Computer Science 2024-09-18 Leand Thaqi , Arbnor Halili , Kamer Vishi , Blerim Rexha

Web applications often include third-party content and scripts to personalize a user's online experience. These scripts have unrestricted access to a user's private data stored in the browser's persistent storage like cookies, localstorage…

Cryptography and Security · Computer Science 2024-11-26 Gayatri Priyadarsini Kancherla , Dishank Goel , Abhishek Bichhawat

Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited…

Cryptography and Security · Computer Science 2020-12-04 Marco Squarcina , Mauro Tempesta , Lorenzo Veronese , Stefano Calzavara , Matteo Maffei

Mobile devices that connect to the Internet via cellular networks are rapidly becoming the primary medium for accessing Web content. Cellular service providers (CSPs) commonly deploy Web proxies and other middleboxes for security,…

Networking and Internet Architecture · Computer Science 2015-11-17 Huijing Zhang , David Choffnes

With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate crimes perpetuated partially or entirely over the Internet. These types of crime are known as cybercrimes. In order to…

Cryptography and Security · Computer Science 2017-10-27 Christopher Warren , Eman El-Sheikh , Nhien-An Le-Khac

Progressive Web Applications (PWAs) blend the advantages of web and native apps, offering features like offline access, push notifications, and installability. Beyond these, modern PWAs are increasingly granted system-level capabilities…

Cryptography and Security · Computer Science 2025-09-18 Mengxiao Wang , Guofei Gu

A website browser cookie is a small file created by a web server upon visitation, which is placed in the user's browser directory to enhance the user's experience. However, first and third-party cookies have become a significant threat to…

Computers and Society · Computer Science 2022-11-15 Matthew Wheeler , Suleiman Saka , Sanchari Das

Online tracking is a widespread practice on the web with questionable ethics, security, and privacy concerns. While web tracking can offer personalized and curated content to Internet users, it operates as a sophisticated surveillance…

Cryptography and Security · Computer Science 2025-01-07 Seyed Ali Akhavani , Engin Kirda , Amin Kharraz

Although there are over 1,600,000 third-party Android apps in the Google Play Store, little has been conclusively shown about how their individual (and collective) permission usage has evolved over time. Recently, Android 6 overhauled the…

Cryptography and Security · Computer Science 2016-08-11 Vincent F. Taylor , Ivan Martinovic

Third party tracking is the practice by which third parties recognize users accross different websites as they browse the web. Recent studies show that 90% of websites contain third party content that is tracking its users across the web.…

Cryptography and Security · Computer Science 2017-03-23 Dolière Francis Somé , Nataliia Bielova , Tamara Rezk

With the increase in size of web, the information is also spreading at large scale. Search Engines are the medium to access this information. Crawler is the module of search engine which is responsible for download the web pages. In order…

Information Retrieval · Computer Science 2016-11-07 Deepika , Ashutosh Dixit

CPU caches introduce variations into the execution time of programs that can be exploited by adversaries to recover private information about users or cryptographic keys. Establishing the security of countermeasures against this threat…

Cryptography and Security · Computer Science 2017-05-12 Goran Doychev , Boris Köpf