The Browsers’ Blindspot: An Analysis of Modern Browsers’ Checks Against Hijacked Certificates

Modern web browsers have progressed well beyond their initial function of rendering static web pages. They have transformed into versatile platforms capable of handling a diverse range of activities. Given their central role in users’ online activities, browsers have become an important layer shielding users from various threats, including malware downloads, phishing, scams, and cryptojacking. This paper investigates how modern web browsers handle certificate abuse, an increasingly common vector for malware distribution and targeted attacks. Although code signing certificates are traditionally used to verify the authenticity and integrity of software binaries, adversaries are now exploiting these certificates to bypass detection mechanisms and propagate malicious code. This study seeks to empirically evaluate how modern web browsers respond to untrusted code by analyzing their reactions to signed malicious binaries. We show that it is possible to significantly reduce the attack surface against certificate abuse with minimal changes to the source code or the way users interact with websites.