Studies claim that anyone could find ways to track a person’s online activities and behaviour after a security researcher had created a site that could generate a user’s device fingerprints through their installed Google Chrome extensions.
The researcher has dubbed the new fingerprinting site “Extension Fingerprints,” allowing its user to generate a tracking hash based on whichever Google Chrome extensions are installed on a person’s web browser.
Some Chrome extension assets could be declared as web-accessible resources wherein it permits other extension apps or web pages to access its properties and manifest file. A few years back, researchers stated that anyone could use web-accessible resources to inspect a web browser’s installed extensions and use those to generate a fingerprint.
Despite learning a way to prevent detection, including some extension’s use of a “secret token” as a requirement to access a web resource, the researchers said that threat actors could still leverage a method called “Resource timing comparison” to detect any installed extensions.
The Extension Fingerprints website will automatically check a user’s browser to detect all installed web browser extensions.
There are thousands of popular extensions that the feature could detect, including users using LastPass, Grammarly, Adobe Acrobat, and Google Docs Offline. Once a visitor reaches the website, the site generates a unique tracking hash that can be used to track the user’s browser.
The researchers noted that people who have fewer to no installed extensions are deemed useless for tracking, while those that have many installed extensions would be generated with less common fingerprints that could easily be used to track them online.
From the tally of data collected from the detected installed web browser extensions, it could be identified that most users have installed uBlock origin, followed by AdBlock and Adobe Acrobat. The Extension Fingerprints website is said to have been released as GitHub’s open-source React project that lets people query for installed browser extensions of users on the web.
