PanoptiChrome: A Modern In-browser Taint Analysis Framework

Published: 23 Jan 2024, Last Modified: 23 May 2024
Venue: TheWebConf24 (Oral)
Keywords: web browser, chromium, taint tracking
TL;DR: A novel taint tracking mechanism for the latest Chromium browsers.
Abstract: Taint tracking in web browsers is a problem of profound interest because it allows developers to accurately understand the flow of sensitive data across JavaScript (JS) functions. Given that modern websites load JS functions either from the web server or from other third-party sites, this problem has acquired a much more complex and pernicious dimension. Sadly, for the latest version of the Chromium browser (used by 75% of users), there is no dynamic taint propagation engine, primarily because it is extremely complex to build one. The nearest competing work in this space was published in 2018 for version 57; we are now at Chromium version 117, and the current version is very different from the 2018 version. In this paper we outline the details of a multi-year effort that led to PanoptiChrome, which accurately tracks information flow across an arbitrary number of sources and sinks, and is, to a large extent, portable across platforms. We experimentally show that we can discover fingerprinting APIs that can uniquely identify the browser and sometimes the user, which are missed by state-of-the-art tools, owing to our comprehensive dynamic analysis methodology. For the top 20,000 most popular websites, we discover a total of 362 APIs that have the potential to be used for fingerprinting; of these, 208 APIs were previously not reported by state-of-the-art tools.
Track: Security
Submission Guidelines Scope: Yes
Submission Guidelines Blind: Yes
Submission Guidelines Format: Yes
Submission Guidelines Limit: Yes
Submission Guidelines Authorship: Yes
Student Author: Yes
Submission Number: 2366