Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
https://fingerprintjs.com/blog/external-protocol-flooding/
Published 05/13/2021 – Konstantin Darutkin, Researcher and Developer
In this article we introduce a scheme flooding vulnerability, explain how the exploit works across four major desktop browsers and show why it's a threat to anonymous browsing.
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
DISCLAIMER: FingerprintJS does not use this vulnerability in our products and does not provide third-party tracking services. We focus on stopping fraud and support modern privacy trends for removing third-party tracking entirely. We believe that vulnerabilities like this one should be discussed in the open to help browsers fix them as quickly as possible. To help fix it, we have submitted bug reports to all affected browsers, created a live demo and have made a public source code repository available to all.
Test the vulnerability on our live demo site. Works on desktop browsers only.
Published 05/13/2021 – Konstantin Darutkin, Researcher and Developer
In this article we introduce a scheme flooding vulnerability, explain how the exploit works across four major desktop browsers and show why it's a threat to anonymous browsing.
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
DISCLAIMER: FingerprintJS does not use this vulnerability in our products and does not provide third-party tracking services. We focus on stopping fraud and support modern privacy trends for removing third-party tracking entirely. We believe that vulnerabilities like this one should be discussed in the open to help browsers fix them as quickly as possible. To help fix it, we have submitted bug reports to all affected browsers, created a live demo and have made a public source code repository available to all.
Test the vulnerability on our live demo site. Works on desktop browsers only.