Working on new methods and tools to identify browser exploits, I recently came across a common question again in a forum: "Is it possible to detect what browser extensions I have installed?"
That information would be of value to various people for several reasons. Online attackers and snoops stand to gain most from it. Examples:
- Browser extension details can help fingerprint a client and tell it apart from others, as in: "This client uses a Google Translate browser extension. This other client does not."
- Plugin information can also aid in targeted client exploitation, as in: "This client has version 2.0.6 of the [bleep] password manager installed, with working exploits A, B, and C."
- Addon identification can also be leveraged to hijack the local browser, as in: "This developer's Gmail account has been pwned; let's use it to push a malicious update."
Sounds far-fetched? I wish it were. Check out our blog posts with real-life examples: JavaScript Template Attacks, Password Manager Extension Exploit, and