WWHF @ Mile High 2025

This talk explores new ways to exploit browser extensions for both privilege escalation and persistence. It will explore the “NativeMessaging” functionality within all popular browsers (Edge, Chrome and Firefox) across all major Operating Systems (Windows, Linux, MacOS) and how it can be exploited to run arbitrary processes. This would be useful not only to execute code when the browser is launched, or when certain sites are visited, but it also leaves another area ripe for misconfigurations that we can exploit. This means that under certain circumstances, we may be able to escalate privileges. In addition to all of that, it provides an opportunity to run code in the context of other users, if a misconfiguration is present or the user has high enough privileges on the machine. We will go over the benefits to the offensive-side of using this method, as well as adjacent techniques that have been observed In-The-Wild. Alongside this talk explaining how it was discovered, how to exploit it and why it is useful, I will also be releasing a brand new tool which can be used to detect if any vulnerable extensions are installed and then exploit them to run a process of our choice.