• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Google Chrome Extensions Could Be Used to Track Users Online

You are here: Home / General Cyber Security News / Google Chrome Extensions Could Be Used to Track Users Online
June 20, 2022

Web developer ‘z0ccc’ has established a website created to deliver a fingerprint of gadgets centered on Google Chrome extensions mounted on the traveling to browser. 

In an special email interview with Bleeping Laptop or computer, z0ccc mentioned while the web page does not retail store the fingerprint of viewing equipment, the tests shows that facts could be perhaps applied by destructive actors to monitor users.

From a specialized standpoint, this fingerprinting action is achievable because of to a characteristic of Chrome browser extensions that lets builders to declare particular assets as ‘web obtainable resources’ for web internet pages and other extensions.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Web-accessible assets can as a result be employed to look at for put in extensions and generate a fingerprint of a traveling to consumer dependent on the combination of mounted extensions.

“Extensions typically use this attribute to expose visuals or other assets that will need to be loaded in web web pages, but any asset bundled in an extension’s bundle can be designed web available,” z0ccc wrote on a Github page dedicated to the project.

In accordance to the web developer, some extensions use a key token that helps prevent detection, but a ‘Resource timing comparison’ strategy exists that can still be utilized to detect if the extension is mounted.

“Resources of shielded extensions will take extended to fetch than resources of extensions that are not mounted,” z0ccc wrote.

“By evaluating the timing dissimilarities you can properly decide if the guarded extensions are mounted.”

The researcher also stated that this approach does not do the job on Firefox as the browser extension IDs are special for just about every browser occasion.

The strategy, on the other hand, must function on Microsoft Edge extensions, z0ccc reported, but not applying its device, which only detects extensions from the Chrome Web Keep.  

Z0ccc included that even though the info collected employing this method might not constantly be in a position to fingerprint people at a granular degree, when combined with working information factors these as OS, active plugins, time zone and language, tracking users will become exponentially easier and much more correct.


Some areas of this write-up are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News BRATA Android Malware Group Now Classified As Advanced Persistent Threat

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Google Chrome Extensions Could Be Used to Track Users Online
  • BRATA Android Malware Group Now Classified As Advanced Persistent Threat
  • Do You Have Ransomware Insurance? Look at the Fine Print
  • Governance Gap Raises AI Security Concerns
  • QNAP Customers Hit by Double Ransomware Blitz
  • Investigators Disrupt Giant RSocks Botnet
  • Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild
  • BRATA Android Malware Gains Advanced Mobile Threat Capabilities
  • Over a Dozen Flaws Found in Siemens’ Industrial Network Management System
  • Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF

Copyright © TheCyberSecurity.News, All Rights Reserved.