A Manifest V3 Chrome Extension that detects phishing websites and cryptojacking attacks in real time using Machine Learning, WebAssembly, and heuristic threat analysis — all running locally inside the browser.
BrowserGuard is a privacy-first browser security extension built with Chrome Manifest V3 that protects users from modern web threats without sending browsing data to external servers.
Unlike traditional browser security tools that rely on cloud APIs, BrowserGuard performs 100% client-side threat analysis, ensuring:
- 🔒 Complete user privacy
- ⚡ Zero network latency
- 📴 Offline threat detection
- 🤖 AI-powered classification
- 🛡️ Real-time webpage protection
The extension combines Machine Learning with heuristic analysis to create a defense-in-depth architecture capable of detecting phishing websites, suspicious domains, and hidden cryptojacking scripts.
- 🧠 XGBoost Machine Learning model deployed directly inside the browser
- ⚡ ONNX Runtime Web (WebAssembly) inference
- 🔐 Privacy-first architecture (no cloud APIs)
- 🌐 Real-time phishing detection
- ⛏️ Hidden cryptojacking detection
- 📊 Live Threat Score dashboard
- 🚨 Automatic warning overlay for dangerous websites
- 🧩 Chrome Manifest V3 architecture
- ⚙️ Offscreen Document based ML execution
BrowserGuard follows a Dual-Engine Defense-in-Depth Architecture.
The ML engine runs entirely inside a Manifest V3 Offscreen Document.
Pipeline:
Dataset (16GB) → Feature Engineering → XGBoost Training → ONNX Conversion → WebAssembly Inference → Threat Score (0–100)
Features used include:
- Shannon Entropy
- WHOIS Age
- TLS Chain Length
- TLS Status
The XGBoost model outputs raw log-odds, which are converted into a Threat Score using a Sigmoid function.
To complement the ML model and reduce false negatives caused by dataset imbalance, BrowserGuard performs additional real-time analysis using JavaScript.
It detects:
- Suspicious high-entropy domains (DGA detection)
- Hidden WebWorkers
- Cryptojacking scripts
- Malicious DOM mutations
A MutationObserver continuously monitors the webpage for suspicious runtime behavior.
- Chrome Manifest V3
- Service Workers
- Offscreen Documents
- Chrome Scripting API
- ActiveTab API
- Python
- XGBoost
- ONNX
- ONNX Runtime Web
- WebAssembly (WASM)
- HTML
- CSS
- JavaScript
BrowserGuard
│
├── assets/
│ └── browserguard_model.onnx
│
├── lib/
│ ├── ort.min.js
│ └── ort-wasm-simd.wasm
│
├── manifest.json
├── background.js
├── content.js
├── popup.html
├── popup.js
├── offscreen.html
├── offscreen.js
└── README.md
- User visits a website.
- BrowserGuard extracts URL and webpage features.
- Network-related features are dynamically simulated for the MVP.
- The feature vector is sent to the Offscreen Document.
- ONNX Runtime performs ML inference.
- The Heuristic Engine performs runtime inspection.
- A Threat Score is generated.
- If the score exceeds the security threshold, BrowserGuard blocks the webpage with a warning overlay.
BrowserGuard never sends browsing history or webpage data to remote servers.
All Machine Learning inference is performed locally using WebAssembly, ensuring complete user privacy.
- Clone or download this repository.
- Open chrome://extensions/
- Enable Developer Mode
- Click Load unpacked
- Select the BrowserGuard folder.
- Live WHOIS integration
- TLS certificate validation
- Threat intelligence feeds
- Automatic model updates
- Firefox support
- Edge support
- Chrome Web Store deployment
This project is released under the MIT License.
⭐ If you found this project useful, consider giving it a star!