University of Illinois Chicago

Digital Duality: Exploring the Privacy and Security Threats of Modern Web Browsers

thesis
posted on 2024-05-01, 00:00 authored by Xu Lin
The Web has become an integral part of our daily lives, with web browsers serving as the central hub of our digital existence. While the continuous enhancement of modern browser functionalities and APIs improves the user experience, it also opens the door to new security vulnerabilities and potential privacy breaches. The dissertation investigates the security and privacy threats of modern web technologies, explores the countermeasures, and emphasizes the importance of comprehensive security assessments before deploying new web features. The dissertation focuses on autofill functionality and browser fingerprinting. Autofill, a browser feature, and browser fingerprinting, a set of techniques leveraging browser features, both contribute to privacy violations but present distinct challenges and implications. We first demonstrate novel attacks that exploit autofill functionality to stealthily obtain sensitive user information across all Chromium-based browsers, highlighting the monoculture issue's implications within the browser ecosystem. Next, we develop an innovative browser fingerprinting system that can bypass existing anti-fingerprinting defenses of privacy-oriented browsers and tools while offering comparable discriminatory capabilities. This work indicates that fingerprinting is a more formidable issue than previously perceived. Our research further investigates the flaws in authentication mechanisms using browser fingerprinting and demonstrates a novel attack to bypass Two-Factor Authentication challenges. The work shows the perils of incorporating additional security mechanisms without a comprehensive and in-depth assessment of potential pitfalls.

Advisor

Jason Polakis

Department

Computer Science

Degree Grantor

University of Illinois Chicago

Degree Level

  • Doctoral

Degree name

PhD, Doctor of Philosophy

Committee Member

Chris Kanich, Jon A. Solworth, Nick Nikiforakis, Alexandros Kapravelos

Thesis type

application/pdf
