Vulnerability in popular browsers could be used to track, profile users online - Help Net Security

Vulnerability in popular browsers could be used to track, profile users online - Help Net Security

A vulnerability affecting desktop versions of four popular web browsers could be exploited by advertisers, malicious actors, and other third parties to track and profile users online even if they switch browsers, use incognito mode or a VPN, researcher and developer Konstantin Darutkin claims.



Scheme flooding


Darutkin and his colleagues from FingerprintJS are calling the vulnerability and its exploitation “scheme flooding,” as attackers (i.e., websites) can use browsers’ built-in custom URL scheme handlers to check if site visitors have 32 different applications installed on their desktops.


“You can see this feature in action by entering skype:// in your browser address bar. If you have Skype installed, your browser will open a confirmation dialog that asks if you want to launch it,” he explained.


Websites, such as their own vulnerability popular browsers could track profile users online security