But what is the reality when we talk about security of browser extensions.
Every browser extensions installed with specific permissions, the most critical one is host access permission which defines on which particular domains your browser extension can read/write data.
You might already notice the sensitivity of host permissions since a little mistake in the implementation flow would lead to a massive security/privacy violation.
During the research on edge extensions, we noticed a way to bypass host access permissions which means an extension which has permission to work on bing.com can read your google, facebook, almost every site data.
This major flaw in Microsoft Edge extension has been submitted responsibly to the Microsoft Security Team; as a result, CVE-2019-0678 assigned with the highest possible bounty.
1. Introduction to the browser extension This section is going to cover what is browser extensions, and examples of browser extensions that are used on a daily basis.
2. Permission model in browser extensions This section details about the importance of manifest.json file, further details about several permissions supported by edge extensions and at last it describes different host access permissions and the concept of privileged pages in browsers.
3. Implementation of sample extension In this section, we will understand the working of edge extensions and associated files.
4. Playing with Tabs API This section includes the demonstration of loading external websites, local files and privileged pages using the tabs API.
5. Forcing edge extensions to load local files and privileged pages Here we will see how I fooled edge extensions to allow me to load local files and privileged pages as well.
8. Stealing google mails Once we bypassed the host access permission, we will discuss how edge extension can read your Google emails without having permission.
9. Stealing local files The continuing previous section, here we will discuss how an edge extension can again escalate his privileges to read local system files.
10. Changing internal edge settings This section details how I was able to change into internal edge settings using edge extensions, this includes enabling/disabling flash, enabling/disabling developer features.
11. Force Update Compatibility list This section details how an extension can force update Microsoft compatibility list
13. Escalating CSP privileges. This section describes how edge extensions provides more privilages to the user when dealing with content security policy