Browser Extension Clickjacking - One Click and Your Credit Card Is Stolen

DEFCONConference via YouTube

Overview

Explore a groundbreaking cybersecurity research presentation that unveils a novel clickjacking technique specifically targeting browser extensions. Learn how malicious actors can exploit fake intrusive web elements like cookie consent banners and newsletter modals to trick users into compromising their sensitive data stored in popular browser extensions. Discover the methodology behind testing this attack vector against the 11 most widely used password managers, revealing multiple zero-day vulnerabilities that could potentially affect tens of millions of users worldwide. Understand how a single user click can lead to the theft of critical information including credit card details, personal data, login credentials, and TOTP codes, with some scenarios enabling the exploitation of passkey authentication systems. Gain insights into the broader implications of this technique beyond password managers, as it can be applied to various types of browser extensions including ad blockers and cryptocurrency wallets. Examine the technical details of how attackers can manipulate user interface elements to create convincing fake interactions that bypass extension security measures. Review practical mitigation strategies and security recommendations that extension developers can implement to protect their applications and users from this type of sophisticated attack vector.

Syllabus

DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth

Taught by

DEFCONConference
