The article explains that Chrome extensions are composed of six main parts: the manifest file, background scripts, content scripts, popup scripts, web accessible resources, and external resources.
Each plays a unique role in the behavior and potential risks of an extension. The manifest dictates permissions, while background scripts monitor activity and interact with the browser. Content scripts manipulate webpages and the DOM.
Popup scripts shape the user interface, and web accessible resources and external scripts open channels for malicious payloads.
Initial Analysis of Cyber Defenders FakeGPT Malicious Extension
The FakeGPT challenge scenario, hosted on Cyber Defenders, involves employees unknowingly installing a malicious extension. This leads to account compromises and data leaks. The extension's functionality is reverse-engineered using CRX Viewer to reveal embedded files such as the manifest, loader, and app script.
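Once an extension is unpacked, the manifest is the natural first file to triage, because it declares each of the components listed above. The following is an added example, not code from the article or the challenge: the function name, the permission watch-list, and the sample manifest are all constructed assumptions, and the checks cover both Manifest V2 and V3 layouts.

```javascript
// Added example: static triage of an unpacked extension's manifest.json (watch-lists are assumptions).
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE = new Set(["cookies", "webRequest", "tabs", "history", "scripting",
  "debugger", "management", "clipboardRead"]);
function triageManifest(manifestText) {
  const m = JSON.parse(manifestText);
  const findings = [];
  const add = (component, detail) => findings.push({ component, detail });
  // Manifest: API and host permissions (MV2 lists hosts inside "permissions").
  for (const p of [...(m.permissions || []), ...(m.host_permissions || [])]) {
    if (BROAD.has(p)) add("manifest", `broad host access: ${p}`);
    else if (SENSITIVE.has(p)) add("manifest", `sensitive permission: ${p}`);
  }
  // Background: MV3 service worker, or MV2 scripts/page.
  const bg = m.background || {};
  const bgFiles = [bg.service_worker, bg.page, ...(bg.scripts || [])].filter(Boolean);
  if (bgFiles.length) add("background", `runs ${bgFiles.join(", ")}`);
  // Content scripts: flag injection into every site.
  for (const cs of m.content_scripts || []) {
    if ((cs.matches || []).some((x) => BROAD.has(x)))
      add("content_script", `${(cs.js || []).join(", ")} injected into all sites`);
  }
  // Popup: MV3 "action" or MV2 "browser_action".
  const popup = (m.action || m.browser_action || {}).default_popup;
  if (popup) add("popup", `UI entry point ${popup}`);
  // Web accessible resources: MV2 strings are readable by any page; MV3 objects are scoped by "matches".
  for (const war of m.web_accessible_resources || []) {
    const isStr = typeof war === "string";
    const res = isStr ? [war] : war.resources || [];
    if (isStr || (war.matches || []).some((x) => BROAD.has(x)))
      add("web_accessible_resources", `${res.join(", ")} exposed to any page`);
  }
  // External resources: remote origins allowed by the CSP (string in MV2, object in MV3).
  const csp = m.content_security_policy || "";
  const cspText = typeof csp === "string" ? csp : Object.values(csp).join(" ");
  for (const origin of cspText.match(/https?:\/\/[^\s;'"]+/g) || [])
    add("external", `CSP allows remote origin ${origin}`);
  return findings;
}
// Constructed sample manifest, not the one from the FakeGPT challenge.
const SAMPLE_MANIFEST = JSON.stringify({
  manifest_version: 2, name: "sample", version: "1.0",
  permissions: ["cookies", "storage", "<all_urls>"],
  background: { scripts: ["bg.js"] }, browser_action: { default_popup: "popup.html" },
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
  web_accessible_resources: ["assets/*"],
  content_security_policy: "script-src 'self' https://cdn.example.com; object-src 'self'",
});
console.log(triageManifest(SAMPLE_MANIFEST));
```

Each finding names the component it came from, which gives the order in which to read the referenced script files next.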