Vulnerabilities discovered in many web browsers that allow users to be tracked through installed applications
If successfully exploited, the vulnerability could allow a malicious actor to track a specific user across multiple browser platforms on the same device by querying the very apps the target has installed. placed on that device.
In fact, certain apps, when installed, create a custom URL scheme that the browser can use to launch URLs in those specific apps.
For example, the custom URL scheme for the popular online conferencing application Zoom is zoommtg:// which, when opened, prompts the browser to launch the Zoom client, as shown in the illustration below. .
There are over a hundred different custom URL handlers configured by the apps, including many well-known names like Slack, Skype, Spotify, Zoom, vscode, Epic Games, Telegram, Discord, Slack , Steam, Battle.net, Xcode, NordVPN, Sketch, Teamviewer, Microsoft Word, WhatsApp, Postman, Adobe, Messenger, Figma, Hotspot Shield, ExpressVPN, Notion or even iTunes.
Browser tracking using URL scheme
A team of security researchers from FingerprintJS recently found a vulnerability that allows websites to track users across many different browsers, including popular names like Chrome, Firefox, Microsoft Edge , Safari and even Tor.
To perform cross-browser tracking by taking advantage of the URL scheme, a website would have to build a profile of the apps installed on the target's device by attempting to open handlers Their known URL, and especially check if the browser launches the prompt.
If a prompt is given to open the application, it can be assumed that a particular application is already installed. By testing different URL handlers, a script can use detected apps to create a unique profile for your device.
Since the apps installed on the device don't change no matter what browser you're using, this could allow the script to track the user's browser usage on both Google Chrome and the hidden browser name like Tor.
To test this vulnerability, researchers at BleepingComputer tried accessing a demo website at Schemeflood.com with Microsoft Edge - where a script launches URL handlers for multiple applications to determine if they installed or not.
The results showed that a unique identifier was displayed on the user's profile. In particular, this identifier is completely null for tests using other browsers such as Firefox, Google Chrome and Tor. This is the code that websites can use to track users.
Notably, out of the four major browsers tested, only Google Chrome has added mitigations to prevent this type of attack. Specifically by preventing multiple attempts to use URL handlers without user action (interaction). However, researchers have also found that activating a built-in Chrome extension, such as PDF Viewer, bypasses this mitigation effort.
In related news, Microsoft Edge program manager Eric Lawrence acknowledged the existence of this attack, and said that Chromium and Microsoft engineers are actively working on fixing the bug.
You should read it
- The unsafe 'feature' on UC Browser allows hackers to take control of Android phones remotely
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G router
- The Mail app on iOS has serious vulnerabilities
- IBM developed a new technology to patch security holes
- Security vulnerabilities - basic insights
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Warning: The number of vulnerabilities in open source software are increasing rapidly
- Find security holes on every site with Nikto
- If you are using Firefox, update it immediately to fix security
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- 5 common errors in managing security vulnerabilities
- New dangerous vulnerability in Intel CPU: Works like Specter and Meltdown, threatening all PCs and the cloud
Maybe you are interested
Try the built-in VPN on Microsoft Edge browser
Are lesser known browsers more secure?
Detecting a new ransomware strain that specializes in stealing login information from the Chrome browser
This browser allows you to use your favorite Chrome extensions that have been removed
How to listen to Apple Podcasts in the browser
Top best browser tools to translate websites