Browsers: Data leakage across platforms

Security researchers discovered flaws (PDF) to the extensions systems of all modern browsers that can exploit intruders to list all installed browser extensions.

Attack affects all modern browsers. Researchers have managed to confirm it on all Chromium-based browsers and believe it affects other browsers like Firefox or Edge using the same extensions system. The add-on system for Firefox is also vulnerable to attack.browsers

Chromium-based browsers that are affected are Google Chrome, Yandex and Opera, and Firefox - based browsers, such as Firefox or Pale Moon and the Microsoft Edge.

All browsers protect the data of the extensions from the websites they visit. However, we've seen that sites use different techniques to collect data from browsers.

Security researchers have discovered a way to help them list installed browser extensions even in the latest versions of browsers.

The “time timing attack” or “timing side-channel ” can be used to list installed browser extensions by monitoring the browser's response from accessing system resources.

When one ζητά πρόσβαση σε κάποιο πόρο μιας επέκτασης στο πρόγραμμα περιήγησης, το πρόγραμμα περιήγησης πρέπει να εκτελέσει δύο s: one to see if the extension exists and another to see if the resource the site wants to access is publicly available.

By monitoring the response, attackers may detect the reason behind a request being denied. The site measures the time it takes to return a request from a fake extension and the time it takes a extension.

By comparing time, installed extensions are revealed. According to the researchers, the accuracy of the method reaches 100%.

Attack uses extensions ID and some code. Researchers already have approximately 10000 Chrome and Firefox extensions identifiers. This allows them to accurately locate extensions by comparing the identifiers.

"Real" attackers could use this information for fingerprinting or targeted attacks against specific browser extensions.

Since all these attacks are based on scripts, any scripts blocking can protect you from the attack.

Update: After a conversation we had on Facebook with a friend of SecNews, we were thinking of clarifying that the Apple browser is also affected: influenced by leakage URI in the Safari extensions model.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).