Shadowed Realities: An Investigation of UI Attacks in WebXR

Chandrika Mukherjee

34th USENIX Security Symposium (USENIX Security '25) · Day 1 · Usable Privacy and Security 1

In an increasingly immersive digital landscape, Extended Reality (XR) technologies are rapidly expanding their footprint across diverse sectors, from retail and healthcare to education and entertainment. While dedicated hardware and SDKs like Meta XR Core SDK and Mixed Reality Toolkit facilitate app development for specific headsets, the emergence of **WebXR** offers a unified, browser-based approach to deliver XR experiences. This talk, "Shadowed Realities: An Investigation of UI Attacks in WebXR," presented by Chandrika Mukherjee of Purdue University, delves into the critical security implications of WebXR's unique architecture, particularly concerning user interface (UI) vulnerabilities.

AI review

Legitimate academic security research that maps a real and underexplored attack surface — UI-layer dark patterns in WebXR advertising ecosystems. The taxonomy and user study are methodologically sound, but the work sits closer to 'first rigorous look at a known-ish problem' than genuine exploitation novelty, and USENIX Security is a stronger fit than a practitioner con like DEF CON.
