Modern web apps deliver richer experiences, including interactivity, dynamic content, and real-time communication, but their complexity widens the attack surface, enabling phishing, malicious extensions, memory-resident malware, and browser integrity attacks. These risks intensify with privacy tools like VPNs and Tor, whose protections can degrade or be bypassed under real-world adversaries. To map these vulnerabilities, we analyzed the architectures of VPNs, Tor, and mainstream browsers, identifying shared threat models, attack vectors, and defenses. From 552 articles, we selected 19 peer-reviewed studies that met strict criteria. They proposed defenses such as signature-based malware detection, secure extension APIs with script isolation, partitioned browser architectures, and dynamic blacklisting. Notably, 47% of the studies focused on VPNs or Tor, and 32% examined how these tools interact, both cooperatively and in conflict, in practice. Our results reveal gaps in how layered privacy technologies are deployed and understood; combining tools without aligning their assumptions fosters false confidence. We highlight automated and user-driven mitigations that, when integrated at the architectural layer, can meaningfully reduce privacy and integrity risks in routine web use.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Systematic Literature Review of Vulnerabilities and Defenses in VPNs, Tor, and Web Browsers

  • Neha Agarwal,
  • Ethan Mackin,
  • Faiza Tazi,
  • Mayank Grover,
  • Rutuja More,
  • Sanchari Das

摘要

Modern web apps deliver richer experiences, including interactivity, dynamic content, and real-time communication, but their complexity widens the attack surface, enabling phishing, malicious extensions, memory-resident malware, and browser integrity attacks. These risks intensify with privacy tools like VPNs and Tor, whose protections can degrade or be bypassed under real-world adversaries. To map these vulnerabilities, we analyzed the architectures of VPNs, Tor, and mainstream browsers, identifying shared threat models, attack vectors, and defenses. From 552 articles, we selected 19 peer-reviewed studies that met strict criteria. They proposed defenses such as signature-based malware detection, secure extension APIs with script isolation, partitioned browser architectures, and dynamic blacklisting. Notably, 47% of the studies focused on VPNs or Tor, and 32% examined how these tools interact, both cooperatively and in conflict, in practice. Our results reveal gaps in how layered privacy technologies are deployed and understood; combining tools without aligning their assumptions fosters false confidence. We highlight automated and user-driven mitigations that, when integrated at the architectural layer, can meaningfully reduce privacy and integrity risks in routine web use.