Two vulnerabilities in most popular browsers can be used to monitor VPN and Tor users. IT experts discovered two vulnerabilities in the browser extensions system used in most modern browsers, including Firefox, Safari, and all Chrome-based browsers and Opera.
Disadvantages of this system can be used by hackers to identify people installing any extensions with 100% accuracy. The information thus obtained can be used to create a unique digital footprint of the browser and hardware used and to identify anonymous users using VPN or Tor. The first vulnerability concerns the WebExtensions extended API system used in Chromium-based browsers (Google Chrome, Opera, Yandex Browser, and Comodo Dragon) as well as Firefox, Edge, Vivaldi and Brave. Information security experts noticed that browsers using the Chromium WebExtensions API need more time to respond to the web site when trying to address an uninstalled extension rather than installing it. This allows you to determine the installed applications in the browser by sending queries and measuring the response time. The method reveals all installed apps in Chrome, Opera, Yandex Browser, and Comodo Dragon. The second vulnerability affects the Safari extension installation model. This browser generates a random path for each session, but user data can be obtained in 40.5% of the time.
No comments:
Post a Comment