Chrome Extension Security Testing - TairinySimeonato/WebAuditing GitHub Wiki

See source code at:

• Windows:

file:///C:/Users/<username>/AppData/Local/Google/Chrome/User/Data/Default/Extensions/<extension_id>

• Linux:

* ~/.config/google-chrome/Default/Extensions/

• Interesting files

  • .exe, .elf --> if present, they should be reverse because they have high chances to be flawed.

• Keep in mind: Permissions!

• Extensions can run sandboxed native code

• https://courses.csail.mit.edu/6.857/2016/files/24.pdf
• https://stackoverflow.com/questions/14543896/where-does-chrome-store-extensions
• https://www.checkmarx.com/blog/secure-browser-extensions/