• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Google Chrome Extensions Could Be Used to Track Users Online

You are here: Home / General Cyber Security News / Google Chrome Extensions Could Be Used to Track Users Online
June 20, 2022

Web developer ‘z0ccc’ has established a website created to deliver a fingerprint of gadgets centered on Google Chrome extensions mounted on the traveling to browser. 

In an special email interview with Bleeping Laptop or computer, z0ccc mentioned while the web page does not retail store the fingerprint of viewing equipment, the tests shows that facts could be perhaps applied by destructive actors to monitor users.

From a specialized standpoint, this fingerprinting action is achievable because of to a characteristic of Chrome browser extensions that lets builders to declare particular assets as ‘web obtainable resources’ for web internet pages and other extensions.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Web-accessible assets can as a result be employed to look at for put in extensions and generate a fingerprint of a traveling to consumer dependent on the combination of mounted extensions.

“Extensions typically use this attribute to expose visuals or other assets that will need to be loaded in web web pages, but any asset bundled in an extension’s bundle can be designed web available,” z0ccc wrote on a Github page dedicated to the project.

In accordance to the web developer, some extensions use a key token that helps prevent detection, but a ‘Resource timing comparison’ strategy exists that can still be utilized to detect if the extension is mounted.

“Resources of shielded extensions will take extended to fetch than resources of extensions that are not mounted,” z0ccc wrote.

“By evaluating the timing dissimilarities you can properly decide if the guarded extensions are mounted.”

The researcher also stated that this approach does not do the job on Firefox as the browser extension IDs are special for just about every browser occasion.

The strategy, on the other hand, must function on Microsoft Edge extensions, z0ccc reported, but not applying its device, which only detects extensions from the Chrome Web Keep.  

Z0ccc included that even though the info collected employing this method might not constantly be in a position to fingerprint people at a granular degree, when combined with working information factors these as OS, active plugins, time zone and language, tracking users will become exponentially easier and much more correct.


Some areas of this write-up are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News BRATA Android Malware Group Now Classified As Advanced Persistent Threat
Next Post: Former Amazon Worker Convicted of Capital One Data Breach Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet
  • Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
  • Fifth of Execs Admit Security Flaws Cost Them New Biz

Copyright © TheCyberSecurity.News, All Rights Reserved.