Connect with us

Hi, what are you looking for?

Security

Security researchers found that websites can use Scheme Flooding to track desktop users in Apple Safari, Google Chrome, Mozilla Firefox and Tor browsers

Security researchers found that websites can use Scheme Flooding to track desktop users in Apple Safari, Google Chrome, Mozilla Firefox and Tor browsers

According to the findings of cybersecurity researchers, the vulnerability allows the website to track its users across different desktop browsers. These browsers (Apple Safari, Google Chrome, Mozilla Firefox, and Tor) pose a privacy risk when cross-browsing, and the vulnerability uses them as an attack vector. You can use information about the applications installed on your computer to assign your own permanent unique identifier to users. VPN: Konstantin Darutkin of Fingerprintjs said in his blog post-Darutkin that if anonymity between browsers is a matter of course for many users familiar with data protection.

Users like Tor browser because it has well-known maximum data protection features. However, it is not as fast or powerful as other browsers. Therefore, for some websites, you must use Firefox, Safari, or Chrome. When users browse anonymously, users must use Tor, but mistakes may damage privacy. The attacker will identify applications installed by people with a 32-bit cross-browser device ID, which the website uses to verify a list of the 32 most popular applications. This recognition process only takes a few seconds to display the results and can be used on Mac, Linux operating systems, and Windows devices.

To perform this check, the browser uses a built-in custom URL scheme handler, usually called deep linking. The way this function is presented is as if the user can use Skype on the device. When the user uses the address bar to search for it in the browser, the browser will open and ask the user if they want to continue using the application. You can register your own program, and other applications can use it to open it. There are four steps to researching vulnerabilities that involve creating lists. URL scheme of the application under test, and then add a script to test the application.

Pakistan’s IT exports have increased by 46% in 10 months to reach US$1.7 billion, exceeding US$2 billion for the first time in history

Use arrays to generate persistent cross-browser identifiers. And use algorithms to determine occupation, age, and interests based on the data in the installed apps. All known browsers have added a mechanism to Darutkin to prevent the exploitation of such flaws, allowing him to work in avalanche mode. Chrome provides some protection against this vulnerability, and it seems to be the only one that can identify The browser for this vulnerability. Chrome will prevent the application from launching unless required by a user gesture (such as a mouse click).

There is a global flag to prevent or allow websites to open applications that are set to false after processing a custom URL scheme. While Chrome is taking measures to resolve this vulnerability, it has been determined that Safari does not allow it to use the vulnerability to view the flood protection scheme of all installed applications. The researchers said that the bug report has been sent to the developers of Chrome, Safari, and Firefox, and even a demo containing all the dates has been released, in the hope that it will inevitably be fixed.

Security researchers found that websites can use Scheme Flooding to track desktop users in Apple Safari, Google Chrome, Mozilla Firefox and Tor browsers

credit: Digital Information World

LAST THOUGHTS:

When the user uses the address bar to search for it in the browser, the browser will open and ask the user if they want to continue using the application. Chrome provides some protection against this vulnerability, and it seems to be the only one that can identify The browser for this vulnerability. While Chrome is taking measures to resolve this vulnerability, it has been determined that Safari does not allow it to use the vulnerability to view the flood protection scheme of all installed applications.

Survey reveals American's views about turning their devices off, as they opt for lesser screen time at night

mail2box786@gmail.com'
Written By

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Tech

The China Telecom site shared key details of the Open A35 before its launch. It shared price information, images, and specifications. MediaTek Helio P35...

Mobile

iPhone SE3, The iPhone S, could not be released as a sequel 2020 this year. According to new reports, the iPhone SE 3 is...

Entertainment

WWE After the Bell with Corey Graves and Vic Joseph will play host to special guests and surprises in the lead-up to WrestleMania 37 with daily episodes beginning...

Extra

Isn’t it tempting to know about Ethan Klein’s Net Worth? That’s why you’re here, and I assure you you’ll find the exact figure of...