Scheme Flooding vulnerability reveals user privacy
FingerprintJS, a developer of network fraud detection solutions, unexpectedly discovered while researching anti-fraud technologies that major browsers have a scheme flooding vulnerability.
Testing found that Google's browser, Firefox, the Tor Onion browser, and Apple Safari are all affected by this vulnerability and can easily reveal user privacy.
Microsoft's browser now also uses the open-source browser project led by Google, so it is likely to be affected as well, which means that the mainstream browsers in use worldwide are affected.
An ad network can use this vulnerability to retrieve the list of applications that a user has installed, and then use that list to generate a unique identifier for the user.
The core of the Scheme Flooding vulnerability is that it reads which software the user has installed. This type of data can be used to guess the user’s personal information.
For example, if a user has a database or a code editor installed, the user may be a developer, who can then be shown development-related ads.
If the user has entertainment software installed, computer hardware, electronic products, or games can be recommended to the user, which improves the accuracy of ad recommendations.
It is worth noting that the user cannot avoid being tracked through this vulnerability, whether using incognito mode or a virtual private network, and of course the user cannot detect it.
In addition, the identifier generated from this vulnerability can be tracked across browsers, so even if the user switches to a different browser, the identifier seen by the advertising network does not change.
The so-called scheme flooding vulnerability is really about the URL scheme handlers that various applications register so that the browser can open them. For example, “to check if an application is installed, browsers can use built-in custom URL scheme handlers. You can see this feature in action by entering skype:// in your browser address bar. If you have Skype installed, your browser will open a confirmation dialog that asks if you want to launch it.”
An ad network can use a special script to trigger browser calls to commonly used software in batches. If a call succeeds, the corresponding software is installed on the user’s computer.
The researchers found that the Google Chrome development team has in fact known about this vulnerability, so Google Chrome already has a protection against it.
However, this protection can be bypassed, so the user’s installed software list can still be read. I don’t know if Google Chrome will be repaired in the future.
Onion Browser is recognized as the best browser for privacy protection, but it is also affected by this vulnerability.
The researchers said that this vulnerability has existed for at least five years, but that no website is actually exploiting it, and that it is not easy to fix.
This is because disabling browser calls to applications may affect normal use. For example, users would no longer be able to launch software directly from a web page.
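To see which custom URL scheme handlers are registered on your own machine, and therefore which installed applications a page could learn about this way, the following added example (not code from the article or from FingerprintJS) audits freedesktop `.desktop` entries for `x-scheme-handler/` registrations. It assumes a Linux desktop; the sample entries are constructed and are used only when no real entries are found.

```python
import configparser
from pathlib import Path

PREFIX = "x-scheme-handler/"

# Constructed sample .desktop entries (not taken from any real system).
SAMPLE_DESKTOP_FILES = {
    "chat-app.desktop": "[Desktop Entry]\nName=Chat App\nExec=chat-app %u\n"
                        "MimeType=x-scheme-handler/skype;x-scheme-handler/chatapp;\n",
    "editor.desktop": "[Desktop Entry]\nName=Editor\nExec=editor --open-url %U\n"
                      "MimeType=text/plain;x-scheme-handler/editor;\n",
    "viewer.desktop": "[Desktop Entry]\nName=Viewer\nExec=viewer %f\n"
                      "MimeType=image/png;\n",
}


def schemes_in_desktop_entry(text):
    """Return the URL schemes one .desktop entry registers a handler for."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read_string(text)
    except configparser.Error:
        return set()  # malformed entry: nothing we can attribute to it
    mime = parser.get("Desktop Entry", "MimeType", fallback="")
    types = [m.strip() for m in mime.split(";")]
    return {m[len(PREFIX):].lower() for m in types if m.startswith(PREFIX)}


def audit(desktop_files):
    """Map each externally launchable scheme to the entries that register it."""
    exposed = {}
    for name, text in desktop_files.items():
        for scheme in schemes_in_desktop_entry(text):
            exposed.setdefault(scheme, []).append(name)
    return {s: sorted(files) for s, files in sorted(exposed.items())}


def load_local_entries(dirs=("/usr/share/applications",
                             "~/.local/share/applications")):
    """Read real .desktop files; missing directories simply yield nothing."""
    entries = {}
    for d in dirs:
        for path in Path(d).expanduser().glob("*.desktop"):
            entries[str(path)] = path.read_text(encoding="utf-8", errors="replace")
    return entries


if __name__ == "__main__":
    for scheme, files in audit(load_local_entries() or SAMPLE_DESKTOP_FILES).items():
        print(f"{scheme}://  <- {', '.join(files)}")
```

Every scheme in the output is one an application has registered with the desktop; removing software you no longer use shrinks the list.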