Key points are not available for this paper at this time.
Browser extension systems risk exposing APIs, which are too permissive and cohesive with the browser’s internal structure, leaving a hole for malicious developers to exploit security critical functionality. We present a botnet framework based on malicious browser extensions and provide an exhaustive range of attacks that can be launched in this framework.
Perrotta et al. (Sun,) studied this question.