UsefulLinks
Computer Science
Cybersecurity
Browser Security and Exploitation
1. Introduction to Browser Security
2. Browser Architecture Fundamentals
3. Web Technology Foundations
4. Browser Security Models
5. Vulnerability Classifications
6. Browser Exploitation Methodology
7. Exploitation Primitives and Techniques
8. JavaScript Engine Exploitation
9. DOM and Rendering Engine Exploitation
10. Browser Hardening and Mitigations
11. Vulnerability Research Methods
12. Browser Extensions and Plugin Security
13. Emerging Attack Surfaces
14. Security Analysis Tools
12.
Browser Extensions and Plugin Security
12.1.
Extension Architecture
12.1.1.
Manifest File Structure
12.1.1.1.
Permission Declarations
12.1.1.2.
Content Script Configuration
12.1.1.3.
Background Script Setup
12.1.2.
Extension Components
12.1.2.1.
Background Scripts
12.1.2.2.
Content Scripts
12.1.2.3.
Popup Pages
12.1.2.4.
Options Pages
12.1.3.
Extension APIs
12.1.3.1.
Browser API Access
12.1.3.2.
Cross-Origin Permissions
12.1.3.3.
Native Messaging
12.2.
Extension Security Model
12.2.1.
Permission System
12.2.1.1.
Host Permissions
12.2.1.2.
API Permissions
12.2.1.3.
Optional Permissions
12.2.2.
Content Script Isolation
12.2.2.1.
Isolated World Concept
12.2.2.2.
DOM Access Restrictions
12.2.2.3.
JavaScript Context Separation
12.2.3.
Cross-Origin Communication
12.2.3.1.
Message Passing Security
12.2.3.2.
Origin Validation
12.2.3.3.
Privilege Escalation Prevention
12.3.
Extension Vulnerabilities
12.3.1.
Privilege Escalation
12.3.1.1.
Over-Privileged Extensions
12.3.1.2.
Permission Abuse
12.3.1.3.
API Misuse
12.3.2.
Cross-Site Scripting in Extensions
12.3.2.1.
Content Script Injection
12.3.2.2.
Popup Page XSS
12.3.2.3.
Options Page Vulnerabilities
12.3.3.
Insecure Communication
12.3.3.1.
Message Passing Vulnerabilities
12.3.3.2.
Native Messaging Security
12.3.3.3.
External Communication Risks
Previous
11. Vulnerability Research Methods
Go to top
Next
13. Emerging Attack Surfaces