The Chromium open-source project has become a fundamental piece of the Web as we know it today, with multiple vendors offering browsers based on its codebase. One of its most popular features is the possibility of altering or enhancing the browser functionality through third-party programs known as browser extensions. Extensions have access to a wide range of capabilities through the use of APIs exposed by Chromium. The Debugger API -- arguably the most powerful of such APIs -- allows extensions to use the Chrome DevTools Protocol (CDP), a capability-rich tool for debugging and instrumenting the browser. In this paper, we describe several vulnerabilities present in the Debugger API and in the granting of capabilities to extensions that can be used by an attacker to take control of the browser, escalate privileges, and break context isolation. We demonstrate their impact by introducing six attacks that allow an attacker to steal user information, monitor network traffic, modify site permissions (e.g., access to camera or microphone), bypass security interstitials without user intervention, and change the browser settings. Our attacks work in all major Chromium-based browsers as they are rooted at the core of the Chromium project. We reported our findings to the Chromium Development Team, who already fixed some of them and are currently working on fixing the remaining ones. We conclude by discussing how questionable design decisions, lack of public specifications, and an overpowered Debugger API have contributed to enabling these attacks, and propose mitigations.