Plug and Prey Scanning and Scoring Browser Extensions

Nishant Sharma

Recon Village @ DEF CON 33 · Day 1

In an increasingly browser-centric digital landscape, browser extensions have emerged as a significant and often underestimated attack vector, transforming the traditional "endpoint" from the physical machine to the browser itself. The talk "Plug and Prey Scanning and Scoring Browser Extensions," presented by Nishant Sharma and Shya Prattab Singh from Square, delves into the critical need for robust security mechanisms to identify and mitigate risks posed by these ubiquitous mini-applications. They unveil a sophisticated, multi-pronged framework designed to scan, score, and ultimately categorize browser extensions as benign, risky, or malicious, addressing the current gaps in enterprise security.

AI review

Competent engineering talk that builds a sensible multi-layer pipeline for browser extension analysis — the modified Chromium MITM approach and LLM-driven delta analysis are the genuinely interesting bits. Ultimately reads as a product demo for an internal Square tool dressed up as research, and the novelty ceiling is low given how much of this space has already been covered by academic work and commercial players like Spin.AI and LayerX.
