Browser Extensions and Plugin Security
Extension Architecture
Manifest File Structure
Permission Declarations
Content Script Configuration
Background Script Setup
Extension Components
Background Scripts
Content Scripts
Popup Pages
Options Pages
Extension APIs
Browser API Access
Cross-Origin Permissions
Native Messaging
Extension Security Model
Permission System
Host Permissions
API Permissions
Optional Permissions
Content Script Isolation
Isolated World Concept
DOM Access Restrictions
JavaScript Context Separation
Cross-Origin Communication
Message Passing Security
Origin Validation
Privilege Escalation Prevention
Extension Vulnerabilities
Privilege Escalation
Over-Privileged Extensions
Permission Abuse
API Misuse
Cross-Site Scripting in Extensions
Content Script Injection
Popup Page XSS
Options Page Vulnerabilities
Insecure Communication
Message Passing Vulnerabilities
Native Messaging Security
External Communication Risks