YOUR Google Chrome extensions could land you in hot water.
That’s because hackers can easily use the popular browser add-ons to track you across the web, according to one researcher.
1
The cyber buff, who goes by “z0cc”, created a website that uses the extensions installed on someone’s PC to create a digital “fingerprint”.
That fingerprint can then be used to identify the user and track their activity across the web.
If cyber crooks were to get hold of that information, they could use it to target you with scam attacks.
Z0cc posted their findings to Reddit and Github, a website where software developers can share their creations.
It has long been known that it is possible to construct fingerprints, also known as tracking hashes, to track users on the web.
They are constructed using unique details about a device that connects to a website.
Fingerprints are used legitimately by companies in the form of website cookies to help them target adverts and collect data.
However, they can also be used for nefarious purposes, tracking a user’s browser history, location and more in order to scam them.
Most read in Tech
If a scammer knows what websites you visit, for instance, they can use this information to hit you with phishing attacks.
Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.
The website, however, is phoney with fake content designed to persuade a victim to enter sensitive information, like a password or email address.
Z0cc showed that it’s possible to create a tracking hash for the extensions installed on someone’s Google Chrome browser.
The website can recognise any of the 1,170 most popular extensions of the Chrome Web Store.
They include Adobe Acrobat, Grammarly, Honey, LastPass, Rakuten, and uBlock.
Once the website has identified someone’s extensions, a unique fingerprint can be created to track the victim across the web.
There’s no evidence that this technique has been used by cybercriminals.
It adds to the myriad of ways that companies and crooks can track people online.
Following regulatory threats, companies like Google provide some ways to monitor and delete the data that they collect about you.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
