On many occasions, vulnerabilities appear that can compromise our security and privacy. They are bugs that can be present in programs, operating systems and even device firmware. These errors could be exploited by hackers to carry out their attacks. They can steal information, sneak malware, spy on us… In this article we echo a vulnerability that they have detected and that affects the main browsers . Allows you to track through installed applications.
Browser tracking through apps
There is no doubt that the browser is a fundamental piece in our day to day. It is the main program that we use to access websites, services and online platforms. We have a wide range of options at our disposal. The main ones are Google Chrome or Mozilla Firefox, but there are many more.
In this case, a group of security researchers have found a method to track through the browser . To do this they rely on the installed applications. This is so because the programs, when installed, create custom URL schemes that the browser can use for use in a specific application.
This allows that when you open that URL , the browser opens a specific application. A program for making video calls, for example like Skype. However, they have now discovered a vulnerability that allows tracking the user of a device when using different browsers, such as Chrome, Firefox, Edge, Safari and also Tor, which is considered the most private.
If a website exploits that vulnerability it could create a unique identifier and link the identities when browsing. To do this, it generates a profile of the applications installed on the device when trying to open its URL drivers.
What happens is that if a message is launched to open the application, it can be assumed that it is indeed installed. By looking up the URL handlers, a created script could generate a unique profile for that device.
The fact that the installed applications are the same regardless of the browser the user uses, could allow a script to track regardless of whether they are using Chrome, Firefox, Tor …
More than 20 applications
This vulnerability has so far been demonstrated in more than 20 applications, among which we can highlight Skype, Zoom, Spotify, Teamviewer and even some VPNs such as ExpressVPN or NordVPN.
For now, security researchers say, the only way to mitigate this problem is to use a browser on a different device . However, the main browsers have already announced that they are working to launch updates and avoid this vulnerability.
We saw earlier that incognito mode does not improve security in the browser. This causes us to take additional measures to always protect our data and not have problems.
As we always say, it is essential to have the latest versions installed. There are many attacks that can be present on the network. Many security flaws that should be corrected. Hence, we must always have the latest updates and all the patches that appear. Especially when it comes to programs like the browser, where we are going to put a lot of personal data, this becomes even more important.