Vulnerability Allows Cross-Browser Tracking in Chrome, Firefox, Safari, and Tor

A vulnerability in Apple Safari, Google Chrome, Mozilla Firefox and Tor Browser makes it possible to track users across multiple browsers. Even when using a VPN or incognito mode. That claims FingerprintJS , a company that develops fingerprint solutions for companies and websites to identify users and combat fraud.

Some internet users use different browsers for privacy reasons. The vulnerability makes it possible for trackers and websites to retrieve information about programs installed on the computer and then assign the user a unique identifier, even when switching browsers or using a VPN or incognito mode. .

Websites can check if a list of 32 popular applications has been installed by visitors. A process that takes a few seconds and works on Linux, macOS and Windows. Browsers can use the built-in url handlers to check if a particular program is installed.

For example, when users have Skype installed and enter skype: // in the address bar, a dialog box appears in which the browser asks the user if he wants to start Skype. Each application can install its own url handler that allows other apps to open the application.

Websites can check which url handlers are present and thus find out whether an application is installed or not. Using the application data in combination with machine learning, it would even be possible to find out things like profession, interests and age on the basis of the data. In the event of an attack, the browser may briefly show a popup or prompt, but it can easily be missed. However, in the case of Tor Browser, no dialog box is displayed, because it is disabled in the browser.

"Until this vulnerability is resolved, the only way to prevent your browsing sessions from linking to your primary computer is to use a completely different device," said Konstantin Darutkin of FingerprintJS. Chrome is the only one of the four browsers to be aware of the vulnerability. The problem has been discussed on the Chromium bug tracker and should be fixed soon, Darutkin said.

Previous Post Next Post