Security researchers from the University of Deusto and Eurecom (French research center) found two new vulnerabilities in extension systems installed in most browsers, such as Safari, Firefox, Chrome, Opera, and others.
The researchers have found that these vulnerabilities can be exploited by an attacker to reveal a list of the victim’s installed extensions and use this data to track users based on their installed extensions, to uncover anonymous users hiding behind VPN or Tor traffic, or to create advertising profiles.
According to the researchers:
“All major web browsers support browser extensions to add new features and extend their functionalities. Nevertheless, browser extensions have been the target of several attacks due to their tight relation with the browser environment. As a consequence, extensions have been abused in the past for malicious tasks such as private information gathering, browsing history retrieval, or passwords theft — leading to a number of severe targeted attacks.”
The researchers showed that the countermeasures used by all current browser families are either insufficient or incorrectly implemented. They presented a novel timing side-channel attack against the access control settings used by the Chromium browser family.
This method can detect any installed extension. Firefox WebExtensions and early versions of Microsoft Edge follow the same API and design, which suggests they may be vulnerable to the same attack.
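As an added illustration (not the researchers' code and not Chromium's implementation), the constructed Python model below shows how an access-control check whose amount of work depends on whether the extension exists leaks that fact through timing, and how a fixed-work check removes the difference. Work is counted in operations instead of being measured, so the result is deterministic; the extension IDs and resource names are made up.

```python
# Constructed model of a browser-side access-control check for
# extension resources. Simplified illustration, not Chromium's code.
from dataclasses import dataclass, field

@dataclass
class Extension:
    ext_id: str
    # resources the extension explicitly exposes to web pages
    web_accessible: frozenset = field(default_factory=frozenset)

# Constructed sample IDs (32 lowercase letters, like Chrome extension IDs).
PRESENT_ID = "a" * 32
ABSENT_ID = "b" * 32
INSTALLED = {
    PRESENT_ID: Extension(PRESENT_ID, frozenset({"icon.png"})),
    "c" * 32: Extension("c" * 32, frozenset({"popup.html", "logo.png"})),
}
WHITELIST_SLOTS = 4  # fixed number of entries the hardened check walks

def leaky_check(ext_id, path, installed=INSTALLED):
    """Return (allowed, cost). cost counts operations and stands in for
    elapsed time. The early return for an unknown ID makes a denied
    request cheaper when the extension is absent than when it is present."""
    cost = 1
    ext = installed.get(ext_id)
    if ext is None:
        return False, cost            # fast path: extension not installed
    cost += 1
    for entry in sorted(ext.web_accessible):  # walk the whitelist
        cost += 1
        if entry == path:
            return True, cost
    return False, cost

def hardened_check(ext_id, path, installed=INSTALLED):
    """Same decision, but the work done is identical whether or not the
    ID is installed: the whitelist is padded to a fixed length and walked
    without an early exit, so timing alone reveals nothing about presence."""
    cost = 1
    ext = installed.get(ext_id)
    entries = sorted(ext.web_accessible) if ext is not None else []
    entries = (entries + [None] * WHITELIST_SLOTS)[:WHITELIST_SLOTS]
    allowed = False
    for entry in entries:             # fixed-length walk, no early exit
        cost += 1
        allowed |= (entry == path)
    return allowed, cost

def leaks_presence(check, present_id=PRESENT_ID, absent_id=ABSENT_ID):
    """True if a denied request costs differently for a present and an
    absent extension, i.e. a page could tell them apart by timing."""
    probe = "does-not-exist.js"       # a resource no extension exposes
    return check(present_id, probe)[1] != check(absent_id, probe)[1]
```

`leaks_presence(leaky_check)` is True while `leaks_presence(hardened_check)` is False; both checks still return the same allow/deny decisions.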
“We responsibly disclosed all our findings and we are now discussing with the developers of several browsers and extensions to propose the correct countermeasures to mitigate these attacks in both current and future versions,”