Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are intercepting web browser communications. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTPS request to a known service via the web browser. The secure browser extension receives an HTTPS response to the HTTPS request via the web browser. The secure browser extension determines whether the certificate included in the HTTPS response is trusted by the secure browser extension. Based on determining the certificate is not trusted, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are intercepting web browser communications. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTPS request to a known service via the web browser. The secure browser extension receives an HTTPS response to the HTTPS request via the web browser. The secure browser extension determines whether the certificate included in the HTTPS response is trusted by the secure browser extension. Based on determining the certificate is not trusted, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: Aspects of the disclosure relate to malware detection at endpoint devices. A computing platform may send rule information to a browser extension including a set of rules defining reportable behavior of network traffic associated with a website. Subsequently, the computing platform may receive report information including an identification of a loaded web page associated with the website that exhibits the reportable behavior defined by at least one rule of the set of rules and an indication of which rules of the set of rules have been met. Based on receiving the report information, the computing platform may assign a risk score for the identified loaded web page. Thereafter, the computing platform may determine that the risk score is above a predetermined threshold, and in response, the computing platform may send commands to the browser extension directing the browser extension to close the identified loaded web page.

Abstract: Aspects of the disclosure relate to malware detection at endpoint devices. A computing platform may send rule information to a browser extension including a set of rules defining reportable behavior of network traffic associated with a website. Subsequently, the computing platform may receive report information including an identification of a loaded web page associated with the website that exhibits the reportable behavior defined by at least one rule of the set of rules and an indication of which rules of the set of rules have been met. Based on receiving the report information, the computing platform may assign a risk score for the identified loaded web page. Thereafter, the computing platform may determine that the risk score is above a predetermined threshold, and in response, the computing platform may send commands to the browser extension directing the browser extension to close the identified loaded web page.

Abstract: Systems for credential evaluation and control are provided. In some examples, a request to access data via a website may be received. The request may include a username. A browser extension embedded in the web browser used to request the data via the website may be triggered and one or more credential evaluation functions may be executed. An event record associated with the request to access data may be generated. The event record may be analyzed to determine a designation associated with the website and a designation associated with user credentials provided with the request to access the data. The designation of the website and the designation of the credentials may be compared to determine whether the designations match. If so, access to the requested data may be provided. If not, one or more mitigating actions may be identified and executed.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are installed on the computing device. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTP request to a known service via the web browser. The secure browser extension receives a response to the HTTP request via the web browser. The secure browser extension determines whether the received response is an HTTP response (e.g., from an unauthorized application) or a non-HTTP response (e.g., from the known service). Based on determining the received response is an HTTP response, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are intercepting web browser communications. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTPS request to a known service via the web browser. The secure browser extension receives an HTTPS response to the HTTPS request via the web browser. The secure browser extension determines whether the certificate included in the HTTPS response is trusted by the secure browser extension. Based on determining the certificate is not trusted, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are intercepting web browser communications. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTPS request to a known service via the web browser. The secure browser extension receives an HTTPS response to the HTTPS request via the web browser. The secure browser extension determines whether the certificate included in the HTTPS response is trusted by the secure browser extension. Based on determining the certificate is not trusted, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are installed on the computing device. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTP request to a known service via the web browser. The secure browser extension receives a response to the HTTP request via the web browser. The secure browser extension determines whether the received response is an HTTP response (e.g., from an unauthorized application) or a non-HTTP response (e.g., from the known service). Based on determining the received response is an HTTP response, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: Aspects of the disclosure relate to deploying and maintaining a trust store to dynamically manage web browser extensions on end user computing devices. In some embodiments, an end user computing device may receive a user request to access resources located outside of the enterprise computing infrastructure. The end user computing device may extract and collect user attributes, system attributes, and request attributes from the user request, and deliver the attributes to an enterprise computing platform. The enterprise computing platform may evaluate the attributes to generate a trust score and rules. The enterprise computing platform may deliver the trust score and the rules to the web browser extension associated with the end user computing device. The web browser extension may analyze the trust score using the rules generated by the enterprise computing platform to either grant or deny the user request.

Abstract: Systems for credential evaluation and control are provided. In some examples, a request to access data via a website may be received. The request may include a username. A browser extension embedded in the web browser used to request the data via the website may be triggered and one or more credential evaluation functions may be executed. An event record associated with the request to access data may be generated. The event record may be analyzed to determine a designation associated with the website and a designation associated with user credentials provided with the request to access the data. The designation of the website and the designation of the credentials may be compared to determine whether the designations match. If so, access to the requested data may be provided. If not, one or more mitigating actions may be identified and executed.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are intercepting web browser communications. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTPS request to a known service via the web browser. The secure browser extension receives an HTTPS response to the HTTPS request via the web browser. The secure browser extension determines whether the certificate included in the HTTPS response is trusted by the secure browser extension. Based on determining the certificate is not trusted, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.

Abstract: Aspects of the disclosure relate to detecting and preventing malicious browser extensions. A computing platform may send rule information to a master browser extension on a computing device including a set of rules defining reportable behavior associated with one or more other browser extensions. Subsequently, the computing platform may receive report information from the master browser extension on the computing device identifying an other browser extension of the one or more other browser extensions that exhibit the reportable behavior defined by at least one rule of the set of rules in the rule information. Based on receiving the report information, the computing platform may determine that the identified other browser extension is a malicious extension. Then, the computing platform may send one or more commands to the master browser extension on the computing device directing the master browser extension to disable or remove the identified other browser extension.

Abstract: Aspects of the disclosure relate to malware detection at endpoint devices. A computing platform may send rule information to a browser extension including a set of rules defining reportable behavior of network traffic associated with a website. Subsequently, the computing platform may receive report information including an identification of a loaded web page associated with the website that exhibits the reportable behavior defined by at least one rule of the set of rules and an indication of which rules of the set of rules have been met. Based on receiving the report information, the computing platform may assign a risk score for the identified loaded web page. Thereafter, the computing platform may determine that the risk score is above a predetermined threshold, and in response, the computing platform may send commands to the browser extension directing the browser extension to close the identified loaded web page.

Abstract: A computing device comprising a secure browser extension for a web browser monitors for satisfaction of one or more operating conditions to identify whether one or more unauthorized applications are installed on the computing device. Based on satisfaction of at least one operating condition, the secure browser extension of the computing device sends an HTTP request to a known service via the web browser. The secure browser extension receives a response to the HTTP request via the web browser. The secure browser extension determines whether the received response is an HTTP response (e.g., from an unauthorized application) or a non-HTTP response (e.g., from the known service). Based on determining the received response is an HTTP response, the secure browser extension terminates the web browser session and generates a notification for display at the computing device that indicates web browser communications are compromised.