http://alvee.net16.net

Google based their extension system after methodology proposed by the EECS Department, University of California, Berkley; in their paper Protecting Browsers from Extension Vulnerabilities. The abstract of the paper sheds light on the problem: “Browser extensions are remarkably popular, with one in three Firefox users running at least one extension. Although well-intentioned, extension developers are often not security experts and write buggy code that can be exploited by malicious web-site operators. We propose a new browser-extension system that improves security by using least privilege, privilege separation, and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability.” Least privilege: Google achieves this by requiring every extension to have a manifest that explains what privileges are required, and that is all the extension gets. Privilege separation: Google divides privileges between what they call background pages and content scripts. Like it sounds, the background pages have no contact with Web pages, thus they can have the most privileges. Whereas, content scripts deal directly with Web pages and have limited privileges. This creates a condition where attackers would not be able to obtain privileges or escalate existing privileges.