Tracking you online is possible through Google Chrome extensions

By FactsWow Team

Posted on: 20 Jun, 2022

The device with various characteristics

There is currently a website that uses the installed extensions of your Google Chrome browser to create a fingerprint of your device from which you can be tracked online by this website. Various characteristics of a device connecting to a website can be used to create tracking hashes that can be used to track users on the web.

The technique with the fingerprint

Performance of GPUs, the installed Windows applications, the screen resolution and hardware configuration of a device, and fonts installed, can all be considered. Through the use of this fingerprinting technique, it would be possible to track a device across different sites.

The web developer with the launch

An extension fingerprinting site is being launched by web developer 'z0ccc' today, using the Chrome extensions installed on a browser to generate an index hash.

Access the Chrome browser

'Web-accessible resources' are assets that can be declared as 'web-accessible resources' in Chrome browser extensions so that web pages or other extensions can access them. The 'web-accessible resources' property in the manifest of a browser extension indicates which resources are accessible to the public.

The comparison with the previous thing

Based on the number of extensions found in the visitor's browser, web-accessible resources can be used as a fingerprint for the visitor's browser, compared to a fingerprint previously revealed in 2019.

The web source with the secret token

Some extensions are protected by a secret token required to view a web resource, explains z0ccc. The researcher found a way to detect if the extension is installed using a 'Resource timing comparison' method

The protected extensions to determine

The resource of an unprotected extension will take longer to fetch than the resource of an unprotected extension. On the project's GitHub page, z0ccc describes how to match timing differences accurately to determine if attachments are protected.

The system with the chrome extension

The extension fingerprints site from z0ccc illustrates this fingerprinting method by checking a visitor's browser for web-accessible resources within 1,170 popular Chrome extensions. Z0CCC can still identify whether specific popular extensions exist by looking for an 'undefined' value.

The track with the less effective

For example, MetaMask does not expose any resources. If you don't have extensions installed, you will have the same fingerprint, and you can track them less effectively, while with numerous attachments, you can track them less effectively.

Addition of extra characteristics 

Because Firefox extension IDs are unique to every browser instance, this method cannot be used with Mozilla Firefox add-ons. The fingerprinting model can, however, be further refined by including additional characteristics. In this way, the fingerprints become unique.

Thank You!

For more stories like this

Explore our website