Connect with us

Hi, what are you looking for?

Security

Security researchers found that websites can use Scheme Flooding to track desktop users in Apple Safari, Google Chrome, Mozilla Firefox and Tor browsers

Security researchers found that websites can use Scheme Flooding to track desktop users in Apple Safari, Google Chrome, Mozilla Firefox and Tor browsers

According to the findings of cybersecurity researchers, the vulnerability allows the website to track its users across different desktop browsers. These browsers (Apple Safari, Google Chrome, Mozilla Firefox, and Tor) pose a privacy risk when cross-browsing, and the vulnerability uses them as an attack vector. You can use information about the applications installed on your computer to assign your own permanent unique identifier to users. VPN: Konstantin Darutkin of Fingerprintjs said in his blog post-Darutkin that if anonymity between browsers is a matter of course for many users familiar with data protection.

Users like Tor browser because it has well-known maximum data protection features. However, it is not as fast or powerful as other browsers. Therefore, for some websites, you must use Firefox, Safari, or Chrome. When users browse anonymously, users must use Tor, but mistakes may damage privacy. The attacker will identify applications installed by people with a 32-bit cross-browser device ID, which the website uses to verify a list of the 32 most popular applications. This recognition process only takes a few seconds to display the results and can be used on Mac, Linux operating systems, and Windows devices.

To perform this check, the browser uses a built-in custom URL scheme handler, usually called deep linking. The way this function is presented is as if the user can use Skype on the device. When the user uses the address bar to search for it in the browser, the browser will open and ask the user if they want to continue using the application. You can register your own program, and other applications can use it to open it. There are four steps to researching vulnerabilities that involve creating lists. URL scheme of the application under test, and then add a script to test the application.

Use arrays to generate persistent cross-browser identifiers. And use algorithms to determine occupation, age, and interests based on the data in the installed apps. All known browsers have added a mechanism to Darutkin to prevent the exploitation of such flaws, allowing him to work in avalanche mode. Chrome provides some protection against this vulnerability, and it seems to be the only one that can identify The browser for this vulnerability. Chrome will prevent the application from launching unless required by a user gesture (such as a mouse click).

There is a global flag to prevent or allow websites to open applications that are set to false after processing a custom URL scheme. While Chrome is taking measures to resolve this vulnerability, it has been determined that Safari does not allow it to use the vulnerability to view the flood protection scheme of all installed applications. The researchers said that the bug report has been sent to the developers of Chrome, Safari, and Firefox, and even a demo containing all the dates has been released, in the hope that it will inevitably be fixed.

Security researchers found that websites can use Scheme Flooding to track desktop users in Apple Safari, Google Chrome, Mozilla Firefox and Tor browsers

credit: Digital Information World

LAST THOUGHTS:

When the user uses the address bar to search for it in the browser, the browser will open and ask the user if they want to continue using the application. Chrome provides some protection against this vulnerability, and it seems to be the only one that can identify The browser for this vulnerability. While Chrome is taking measures to resolve this vulnerability, it has been determined that Safari does not allow it to use the vulnerability to view the flood protection scheme of all installed applications.

Advertisement. Scroll to continue reading.
Content Protection by DMCA.com
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

News

According to the latest news, Berners-Lee officially auctioned the source code of the World Wide Web as NFT. This auction will contain the original...

COVID-19

In the latest news, Progressive International called for speeding up the vaccination process by excluding patients and providing free technology to manufacture vaccines around...

Electronics

Intel plans to release a new CPU architecture called “Adler Lake” after sometimes the same year. Processors based on this new architecture will see...

News

After a comprehensive research study, several colleges wrapped up that 2 of one of the most commonly utilized networks in the past were indirect scam...