Chrome Extensions May Be Tracking the User on the Internet

A researcher known as z0ccc claims that Chrome extensions may be tracking user activity on the Internet.

z0ccc created the Extension Fingerprints site, which collects data on installed extensions for Google Chrome and, based on this data, creates a user profile. This profile can then be used to track a person on the Internet.

Let me remind you that we also reported that North Korean hackers exploited a 0-day bug in Chrome, and that a researcher published an RCE exploit for Chrome, Opera, Brave and other Chromium browsers.

This method relies on the fact that when you create a Chrome extension, you can declare certain assets as web-accessible resources, which web pages or other extensions can then access. Typically these resources are image files, declared through the web_accessible_resources property in the extension’s manifest file.

Back in 2019, a study was published proving that such web-accessible resources can be used to collect data about installed extensions and then fingerprint the user’s browser.

To prevent this, some extensions use a secret token that is required to access a web resource. However, z0ccc discovered a method that still allows collecting information about installed extensions.

“Fetching resources for protected extensions takes longer than fetching resources for uninstalled extensions. By comparing the difference in time, you can accurately determine whether the user has protected extensions installed,” explains the researcher.

While some extensions, such as MetaMask, don’t provide any resources at all, z0ccc writes that it’s still possible to tell if they’re installed by checking typeof window.ethereum and seeing whether it is undefined.

To illustrate how his method works, z0ccc created the aforementioned site that checks the visitor’s browser for available resources for 1170 popular extensions from the Google Chrome Web Store (including popular solutions like uBlock, LastPass, Adobe Acrobat, Honey, Grammarly, Rakuten, and ColorZilla).

Based on the collected statistics, the site generates a hash that can then be used to track a specific browser.

Although z0ccc does not collect any data on installed extensions, his tests showed that uBlock is the most common extension, and the most popular option turned out to be no extensions installed at all.

Bleeping Computer notes that installing three or four extensions reduces the percentage of users with a similar set to 0.006%. That is, the more extensions are installed, the smaller the percentage of people with a similar combination. z0ccc notes that the result of 0.006% indicates that this is the only user with this combination of extensions, although the percentages will change as more people visit the site.

“Having 3+ discoverable extensions always seems to make your profile quite unique,” warns the researcher.

The sources for the Extension Fingerprints project are available on GitHub.
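
A defender-side check for the exposure described above, as an added example that is not code from the article or from the Extension Fingerprints project: it reads an extension's manifest and reports whether web_accessible_resources lets any website load a resource at a stable URL. The sample manifests are constructed, and the list of broad match patterns is an assumed heuristic.

```javascript
// Added example: audit an extension manifest for web-accessible resources.
// Sample manifests below are constructed, not real extensions.

// Assumed heuristic: match patterns that let every website load the resource.
const BROAD = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Returns { exposure, resources }. resources lists the paths any page can
// request at a stable URL; exposure is one of:
//   'none'       - nothing declared in the manifest
//   'restricted' - only named sites or extensions may load the resources
//   'dynamic'    - open to any site, but only under a per-session URL (MV3)
//   'any-site'   - any page can request the resource at a stable URL
function auditManifest(manifest) {
  const war = manifest.web_accessible_resources;
  if (!Array.isArray(war) || war.length === 0) {
    return { exposure: 'none', resources: [] };
  }
  // Manifest V2: a flat list of paths, loadable from every origin.
  if (manifest.manifest_version !== 3) {
    return { exposure: 'any-site', resources: war.filter(r => typeof r === 'string') };
  }
  // Manifest V3: objects with resources, matches, extension_ids, use_dynamic_url.
  const rank = { none: 0, restricted: 1, dynamic: 2, 'any-site': 3 };
  let worst = 'none';
  const resources = [];
  for (const entry of war) {
    const broad = (entry.matches || []).some(m => BROAD.has(m));
    const level = !broad ? 'restricted' : entry.use_dynamic_url ? 'dynamic' : 'any-site';
    if (rank[level] > rank[worst]) worst = level;
    if (level === 'any-site') resources.push(...(entry.resources || []));
  }
  return { exposure: worst, resources };
}

// Constructed sample manifests covering each outcome.
const SAMPLES = {
  mv2: { manifest_version: 2, web_accessible_resources: ['img/logo.png'] },
  mv3Open: { manifest_version: 3, web_accessible_resources: [
    { resources: ['icon.png'], matches: ['<all_urls>'] }] },
  mv3Dynamic: { manifest_version: 3, web_accessible_resources: [
    { resources: ['icon.png'], matches: ['<all_urls>'], use_dynamic_url: true }] },
  mv3Scoped: { manifest_version: 3, web_accessible_resources: [
    { resources: ['frame.html'], matches: ['https://example.com/*'] }] },
  noResources: { manifest_version: 3 },
};

for (const [name, m] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditManifest(m)));
}
```

An exposure of 'none' or 'restricted' does not mean the extension is undetectable: the timing comparison and injected globals such as window.ethereum described in the article are outside what a manifest shows.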

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
