Cybersecurity
Cyber landscape
API security
November 14, 2024

Crossbarking via Chrome Extension

Crossbarking is an attack method in which bad actors run malicious code using cross-site scripting (also known as XSS vulnerability) or a malicious browser extension, as in this case.

Crossbarking via Chrome Extension

In 2024, cybersecurity is a topic of utmost concern as breaches continue to rise across industries. Attackers are targeting all different types of vulnerabilities with new attack patterns emerging all the time. Most recently, researchers have discovered a new type of attack called crossbarking, which allows bad actors to run malicious code on sites with access to powerful, private APIs.

What is crossbarking?

Crossbarking is an attack method in which bad actors run malicious code on sites with access to private browser APIs. 

Browser APIs connect web applications with their functionalities, such as security, maps, and more. Most of these browser APIs are public, but occasionally companies make private ones from scratch to enable new or private functions. Sometimes, this APIs ship without adequate security, and are therefore the most susceptible to crossbarking attacks.

These attacks are executed using cross-scripting sites (XSS) or malicious browser extensions, as in this case. Running a malicious browser extension on an Opera browser is difficult in many cases, but when it comes to Chrome extensions, Opera approves them automatically and quickly.

Puppy Love

In the case of this specific attack, discovered by researchers at Guardio, the malicious browser extension in question was designed to add images of puppies to webpages as a cover for other types of content not desired by the user. However once downloaded by a dogloving Opera user, it would give the creators of the plugin access to the private Opera APIs.

Nati Tal, head researcher at Guardio says,

“You could almost take control over the entire browser, and the computer hosting it.”

To solve the problem, Opera did not do away with private APIs altogether, but blocked the abilities of extensions to run scripts on domains with private API access, in a similar way to Google Chrome. This is an effective remediation but may have consequences on other plugins in the future.

Conclusion

API security is a key issue in our current cyber climate as the volume and complexity of API attacks continues to rise. It is important to keep close track of all the APIs in your landscape, especially private APIs. Security teams need to stay diligent and work with developers to ensure the security of all the APIs in their landscape. To see how FireTail can help with your API security, try it out for free today.

Lina Romero

Related posts

Better Off Apart
November 12, 2024

Better Off Apart

In a world of cyber risks, authorization is one of the most critical steps in an API security strategy. However, when it comes to authorization, the C-suite of FireTail believes it is better kept apart.

Read more
Microsoft Sharepoint Vulnerability Disclosure
November 11, 2024

Microsoft Sharepoint Vulnerability Disclosure

Microsoft Sharepoint recently patched vulnerabilities that highlighted the need for highly privileged user access to happen via secure APIs.

Read more
FireTail support for Enhanced Payload Logging For AWS API Gateway V1
November 1, 2024

FireTail support for Enhanced Payload Logging For AWS API Gateway V1

The latest update to FireTail’s platform introduces enhanced logging capabilities for API Gateway V1, offering detailed insights into request and response data, including headers, bodies, and additional metrics.

Read more

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!