Google Chrome addons can be fingerprinted in order to track you online


A researcher has created a website that generates a fingerprint of your device based on your installed Google Chrome extensions, which can be used to track you online.

It is possible to construct fingerprints, or tracking hashes, from various characteristics of a device connecting to a website in order to track users on the internet. These characteristics include GPU performance, installed Windows applications, a device’s screen resolution, hardware configuration, and even installed fonts.

The same fingerprinting technology can subsequently be used to track a device across many sites.

Installed Chrome addons leave a fingerprint

‘Extension Fingerprints,’ a new fingerprinting site created by web developer ‘z0ccc,’ can generate a tracking hash based on a browser’s installed Google Chrome extensions.

When creating a Chrome browser extension, it is possible to declare specific assets as ‘web accessible resources’ that web pages or other extensions can access.

These resources, which are often image files, are declared using the ‘web_accessible_resources’ property in the extension’s manifest file.

The following is an example of a declaration of web-accessible resources:

    "web_accessible_resources": [
      {
        "resources": [ "logo.png" ],
        "matches": [ "https://www.bleepingcomputer.com/*" ]
      }
    ],

As previously disclosed in 2019, web-accessible resources can be used to check for installed extensions and to produce a fingerprint of a visitor’s browser from the combination of extensions found.
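
As an added example (not code from the original article or from the Extension Fingerprints project), the following Node.js script audits extension manifests and reports which ones declare web-accessible resources that a web page could request. The function names and the sample manifests are constructed for illustration; it covers both the older manifest format, where resources are plain path strings, and the object format shown above.

```javascript
// Added example: audit extension manifests for resources a web page could probe.
// The sample manifests are constructed for illustration.

// Match patterns that allow any website to request the resource.
const ANY_SITE = new Set(["<all_urls>", "*://*/*", "https://*/*", "http://*/*"]);

// Normalise Manifest V2 (plain path strings) and V3 (objects) entries.
function normalise(manifest) {
  return (manifest.web_accessible_resources || []).map((entry) =>
    typeof entry === "string"
      ? { resources: [entry], matches: ["<all_urls>"] } // MV2: open to every origin
      : { resources: entry.resources || [], matches: entry.matches || [] });
}

// Classify how exposed one extension is to presence checks from web pages.
function auditManifest(manifest) {
  // Entries without "matches" (e.g. extension_ids only) are not reachable by sites.
  const reachable = normalise(manifest).filter(
    (e) => e.resources.length > 0 && e.matches.length > 0);
  if (reachable.length === 0) return { exposure: "none", origins: [], resources: [] };
  const origins = [...new Set(reachable.flatMap((e) => e.matches))];
  const resources = [...new Set(reachable.flatMap((e) => e.resources))];
  const exposure = origins.some((m) => ANY_SITE.has(m)) ? "any-site" : "restricted";
  return { exposure, origins, resources };
}

// Constructed sample manifests (hypothetical extensions).
const SAMPLES = [
  { name: "legacy-mv2", manifest_version: 2, web_accessible_resources: ["img/logo.png"] },
  { name: "open-mv3", manifest_version: 3, web_accessible_resources: [
      { resources: ["logo.png"], matches: ["<all_urls>"] }] },
  { name: "scoped-mv3", manifest_version: 3, web_accessible_resources: [
      { resources: ["logo.png"], matches: ["https://www.bleepingcomputer.com/*"] }] },
  { name: "ext-only-mv3", manifest_version: 3, web_accessible_resources: [
      { resources: ["api.js"], extension_ids: ["<placeholder-extension-id>"] }] },
  { name: "no-resources", manifest_version: 3 },
];

// Build a report: one row per extension, most exposed first.
function auditAll(manifests) {
  const rank = { "any-site": 0, restricted: 1, none: 2 };
  return manifests
    .map((m) => ({ name: m.name, ...auditManifest(m) }))
    .sort((a, b) => rank[a.exposure] - rank[b.exposure]);
}

for (const row of auditAll(SAMPLES)) {
  console.log(`${row.exposure.padEnd(10)} ${row.name} ${row.resources.join(", ")}`);
}
```

An extension reported as "none" here can still be detectable through other signals the article describes, such as a global object it injects into pages.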

Some extensions, according to z0ccc, require a secret token to access a web resource in order to avoid detection. However, the researcher identified a method called ‘Resource timing comparison’ that can still be used to determine whether or not the extension is installed.

“Resources from protected extensions will take longer to load than resources from unprotected extensions. You can tell if the protected extensions are installed by comparing the time discrepancies,” z0ccc stated on the project’s GitHub website.

To demonstrate this fingerprinting technology, z0ccc created the Extension Fingerprints website, which checks a visitor’s browser for web-accessible resources in 1,170 prominent Google Chrome Web Store extensions.

uBlock, LastPass, Adobe Acrobat, Honey, Grammarly, Rakuten, and ColorZilla are among the extensions that the website will detect.

The website will generate a tracking hash based on the mix of installed extensions that can be used to track that particular browser, as seen below.

Although some popular extensions, such as MetaMask, don’t expose any resources, z0ccc can nevertheless tell if they’re installed by checking whether typeof window.ethereum equals “undefined.”

The Extension Fingerprints site is only compatible with Chrome browsers that have Chrome Web Store extensions installed. The method will work with Microsoft Edge, but it would need to be modified to use extension IDs from Microsoft’s extension store.

Because Firefox extension IDs are unique for each browser instance, this strategy does not work with Mozilla Firefox add-ons.

The most widely used is uBlock Origin.

While z0ccc does not collect data on installed extensions, his own experiments revealed that the most prevalent extension fingerprint is uBlock.

“Having no extensions installed is by far the most common. As previously stated, I do not collect specific extension data, however based on my tests, having simply uBlock installed appears to be a common extension fingerprint,” z0ccc shared.

“Having three or more detectable extensions placed appears to make your fingerprint quite unique.”

From BleepingComputer’s tests, the percentages of users with several common extensions installed are shown below.

  • 58.248 percent – No extensions installed or enabled
  • 2.065 percent – Google Docs Offline only, which is the only extension installed by default
  • 0.528 percent – uBlock Origin + Google Docs Offline
  • 0.238 percent – AdBlock + Google Docs Offline
  • 0.141 percent – Adobe Acrobat + Google Docs Offline
  • 0.122 percent – Google Docs Offline + Google Translate
  • 0.019 percent – Malwarebytes Browser Guard
  • 0.058 percent – Grammarly + Google Docs Offline
  • 0.058 percent – Google Docs Offline + LastPass
  • 0.051 percent – Honey + Google Docs Offline
  • 0.013 percent – ColorZilla + Google Docs Offline

Installing three to four extensions reduced the percentage of users with the same extensions to 0.006 percent in our tests. Obviously, the more extensions that are installed, the fewer people will have the same combination.

The 0.006 percent suggests that you are the sole person with that combination of extensions, according to z0ccc, but this will change as more people visit the site.

Extension Fingerprints is now available on GitHub as an open-source React project, allowing anyone to see how to query for installed extensions.

Update 6/19/22: Clarified that z0ccc discovered the timing comparison method, not the mechanism to detect installed extensions.
