Cross-browser tracking vulnerability tracks you via installed apps

Content source
https://www.bleepingcomputer.com/news/security/cross-browser-tracking-vulnerability-tracks-you-via-installed-apps/
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,713
Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.

Certain applications, when installed, will create custom URL schemes that the browser can use to launch a URL in a specific application. [...]
Click to expand...
A researcher from one of the most well-known fingerprinting scripts, FingerprintJS, has disclosed a vulnerability that allows a website to track a device's user between different browsers, including Chrome, Firefox, Microsoft Edge, Safari, and even Tor.

"Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their every day surfing," explains a new vulnerability report by FingerprintJS' Konstantin Darutkin.

"They may use Safari, Firefox or Chrome for some sites, and Tor for sites where they want to stay anonymous. A website exploiting the scheme flooding vulnerability could create a stable and unique identifier that can link those browsing identities together."
Click to expand...
www.bleepingcomputer.com

Cross-browser tracking vulnerability tracks you via installed apps

Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
Reactions: brambedkar59, Venustus, Nevi and 15 others
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
922
Opc9 said:
This website lists the some of the apps that can be used to track you with this vulnerability.
schemeflood.com

Exploiting custom protocol handlers for cross-browser tracking

Learn how this exploit works across four major desktop browsers, and why it is a threat to anonymous browsing
schemeflood.com schemeflood.com
Click to expand...
Cross browser tracking.PNG

Of the three apps this site claims I have Spotify is the only one that is actually installed. Skype remnants may be detected somewhere in the Win 10 system but it is disabled and I do not have Telegram installed, I use Signal for secure messaging on this machine.

I note that some of the more popular VPN providers - Express and Nord are on the list of other apps this occurs with.
 
  • Like
Reactions: brambedkar59, Venustus, Nevi and 2 others
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
922
Stopspying said:
View attachment 258011

Of the three apps this site claims I have Spotify is the only one that is actually installed. Skype remnants may be detected somewhere in the Win 10 system but it is disabled and I do not have Telegram installed, I use Signal for secure messaging on this machine.

I note that some of the more popular VPN providers - Express and Nord are on the list of other apps this occurs with.
Click to expand...
For the above scan by this website my browser was reporting that it was Chrome on Linux. With it set as Firefox on Linux it detects another app - Notion, which I don't have installed either.
Cross browser tracking 2.PNG
Changing the browser settings to imitate Firefox 88 on macOS 10.14 instead of Notion it claims that I have Hotspot Shield installed; there is no chance that I'd install that on any of my devices.

Cross browser tracking 3.PNG

@Opc9 In no way are these comments meant as a reflection on you, I believe that you shared it in good faith and to help MT users understand this issue better. I found it interesting to see what that website made of my installed apps, but it wasn't that accurate with the results for me at least. The last result is apparently a unique one for the scans they have done so far, which is not good news for me if I want to hide on the internet, but the fact that it is not accurate is possibly re-assuring!
 
  • Like
Reactions: Venustus, Nevi, plat and 3 others
The_King

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
547
@Stopspying the web link I posted is from the original article the OP posted. I have noticed that many people don't follow
the source article and usually miss out on important information by just reading what is posted here.

I have also tested the site out with Firefox and Edge and got identical results with the same number of apps detected
as well has the exact same identifier tracking code. So it was able to track me across two browsers without any issues.
 
  • Like
Reactions: Venustus, Nevi, plat and 3 others
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
922
Opc9 said:
@Stopspying the web link I posted is from the original article the OP posted. I have noticed that many people don't follow
the source article and usually miss out on important information by just reading what is posted here.

I have also tested the site out with Firefox and Edge and got identical results with the same number of apps detected
as well has the exact same identifier tracking code. So it was able to track me across two browsers without any issues.
Click to expand...
I mentioned you as you'd highlighted the schemeflood.com site that had been linked to in the Bleeping Computer article.

I've run the scan again, indicating that I'm using Firefox on Ubuntu and the results are the same as after the original scan - claiming that I have Skype, Spotify and Telegram installed. Apparently 10 scans have shown that combination so far, when I got these results the first time it said there had been 3 results like that. If that is the case then I am part of a small group of users with that result, which is better than being unique as I was in another scan, just!
 
  • Like
Reactions: ZeePriest, Venustus, Nevi and 2 others
plat

plat

Level 28
Verified
Top Poster
Well-known
Sep 13, 2018
1,797
Even one app is one too many...and it's not even formally installed on here. There are so many Skype remnants, not only in the registry but in various locations in File Explorer that it might as well be formally on here. Ridiculous. Installed it to see if those remnants could be removed w/HiBit and no, it's a Store app so I learned a little something.

OK, well the BC article did say Microsoft acknowledged the issue and a fix is prob. coming out sometime.

skype mess.PNG
 
  • Like
  • Applause
Reactions: ZeePriest, mkoundo, brambedkar59 and 6 others
brambedkar59

brambedkar59

Level 25
Verified
Top Poster
Well-known
Apr 16, 2017
1,497
Well this is scary, it managed to track me across Edge, Brave, Firefox and Tor. I even used VPN with private browser window but it does nothing. It says I have Skype and Spotify. I have same identifier as 320 out of 26K users.
Another old (Dec 2020) article about tracking via browser handlers .
www.fortinet.com

Leaking Browser URL/Protocol Handlers | FortiGuard Labs

FortiGuard Labs uncovers two information disclosure vulnerabilities affecting three web browsers. Read more to learn how an attacker could identify the presence of applications that may be installe…
www.fortinet.com www.fortinet.com
 
Last edited:
  • Like
  • Wow
Reactions: Venustus, CyberTech, Stopspying and 6 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • Sad
    • Wow
Meta accused of breaking the law by secretly tracking iPhone users
Replies
3
Views
285
News Archive
Digmor Crusher
Digmor Crusher
Correlate
    • Like
    • +Reputation
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Replies
1
Views
496
News Archive
Thales
Thales
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Facebook has started to encrypt links to counter privacy-improving URL Stripping
Replies
3
Views
524
News Archive
Sorrento
Sorrento

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top