Securing Decrypted Secrets
With browser wallet extensions, one critical security challenge is where to safely keep the decrypted secrets when the wallet is unlocked. In Manifest V2 extensions, background pages are used to store secret values in variables in memory, such that they can be persisted (at least as long as the browser is running), but are not stored to disk. None of this is possible with service workers, which are short-lived event handlers that typically do not maintain state. The only way to persist data between handled events in Manifest V3 using existing methods is by utilizing IndexedDB, Caches, or the chrome.storage API. However, all of these resources require that secret data is written to disk, thus creating a different set of security challenges.
A proposal was made to add the chrome.storage.session API to the chrome.storage API, which enables extensions to store variables in memory so that service workers and other parts of the extension can access these values as long as the session is active. Although the chrome.storage.session API is enabled in the newest Chromium versions (version 100 and higher), it has not been formally announced and, at the time of writing, is listed as pending in the Chrome extension documentation. This modification to the API is not battle tested, and the impact that its usage has on the security of browser extension wallets is not yet known.
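The pattern described above, as an added example that is not code from the original post or from any wallet: a service worker that keeps no module-level secret, reads the unlocked value from chrome.storage.session at the start of each event, and wipes it after an idle period. The names SESSION_KEY, IDLE_LIMIT_MS, unlock, lock, getSecret and the "isUnlocked" message type are hypothetical, the secret value is a constructed placeholder, and the Map-backed area is only a stand-in so the code also runs outside a browser.

```javascript
// Hypothetical names throughout; only chrome.storage.session and
// chrome.runtime.onMessage are real extension APIs.
const SESSION_KEY = "unlockedVault";
const IDLE_LIMIT_MS = 5 * 60 * 1000; // assumed auto-lock window

// Stand-in with the same get/set/remove shape as a chrome.storage area.
function memoryArea() {
  const m = new Map();
  return {
    async get(key) { return m.has(key) ? { [key]: m.get(key) } : {}; },
    async set(items) { for (const [k, v] of Object.entries(items)) m.set(k, v); },
    async remove(key) { m.delete(key); },
  };
}
const inExtension =
  typeof chrome !== "undefined" && Boolean(chrome.storage && chrome.storage.session);
// Never fall back to chrome.storage.local here: that area is written to disk.
const area = inExtension ? chrome.storage.session : memoryArea();

// Pure expiry check: a record is usable only inside the idle window.
function isFresh(record, now) {
  return Boolean(record) && now - record.lastUsed < IDLE_LIMIT_MS;
}

async function unlock(secretHex, now = Date.now()) {
  await area.set({ [SESSION_KEY]: { secretHex, lastUsed: now } });
}

async function lock() {
  await area.remove(SESSION_KEY);
}

// Call at the top of every event handler: the worker may have been
// restarted since the last event, so globals cannot be trusted to exist.
async function getSecret(now = Date.now()) {
  const record = (await area.get(SESSION_KEY))[SESSION_KEY];
  if (!isFresh(record, now)) {
    await lock(); // absent or expired: wipe and report locked
    return null;
  }
  await area.set({ [SESSION_KEY]: { ...record, lastUsed: now } });
  return record.secretHex;
}

if (inExtension) {
  chrome.runtime.onMessage.addListener((msg, _sender, sendResponse) => {
    if (msg.type !== "isUnlocked") return false;
    getSecret().then((s) => sendResponse({ unlocked: s !== null }));
    return true; // keep the channel open for the async response
  });
}
```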
Unsupported Encryption and Key Derivation Packages
Another challenge caused by the switch to Manifest V3 is that encryption and key derivation packages that are considered to be secure, such as argon2 and libsodium-js, are currently not supported in Manifest V3 because of their usage of WebAssembly, which is disallowed for extensions in the new manifest version. For libsodium, this could be a bug in the code used to switch between wasm and asm, whereas argon2 is currently compiled only to wasm. Our team has previously discussed the common usage of insufficiently secure key derivation algorithms and weak encryption algorithms and we intend to publish a blog on this subject in the near future. The incompatibility of argon2 and libsodium-js with Manifest V3 currently limits the options for secure key derivation and encryption methods. It seems likely that WebAssembly will be supported for extensions in Chrome in the future, but the fix is not in production yet.
Conclusion
In Manifest V3, in order for secret data to be stored securely, the chrome.storage.session API must be used, even though it has neither been officially launched nor sufficiently tested and audited as a secure medium for persisting secret data. In addition, key derivation and encryption packages that are known to be secure are currently incompatible with Manifest V3, which limits the options available for the implementation of sufficiently secure cryptography.
We encourage community members and stakeholders to closely monitor developments in Chromium-based browser extension security.