Web browsers are conquer more and more areas of our interactions with IT systems. In fact, they are increasingly taking over the role of operating systems: critical parts of personal or business life are supported by web apps, i.e., executed in the browser.
Moreover, browsers extensions or apps allow users to extend the functionality. Thus, users of web browsers do not only need to trust the browser vendor and the web service provider: browser extensions can access everything happening in the browser and, thus, can modify any data that is shown to a users as well as any data that is send to a web service.
To address this problem, we recently started to develop novel security models for browser extensions that focus on protecting the security and privacy of the users of web browsers.