Your Google Chrome extensions could be used to secretly track you online

Internet cookies technology graphic with tracking website surfing on screen and cookies on background.
(Image credit: Shutterstock)

Web browser extensions could be used as a means of identifying users and tracking them across the web, new research suggests.

Online tracking has been the bane of the internet from the earliest days, but over the last few years people have become increasingly unwilling to put up with invasions of privacy. While some people claim tracking is necessary to provide personalized ads, and thus keep internet services free, others shiver at the thought of companies keeping tabs on what they do online.

Ever since Google announced it would be killing third-party cookies, stakeholders have been looking for viable alternatives. “Fingerprinting” people based on the various characteristics of the device they use emerged as one of the options. Those characteristics include factors like display resolution, fonts, GPU performance, installed apps and more.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Scanning for extensions

Now, another unique feature can be added to the mix, and that’s the extensions people have installed on their browsers.

As per a BleepingComputer report, a web developer going by the alias ‘z0ccc’ built a fingerprinting site called “Extension Fingerprints” that does just that: fingerprints people based on their Google Chrome extensions. 

Some extensions require the use of a secret token to access a web resource as a contingency measure, the researcher says, but there are still methods to learn if an extension is installed on the endpoint or not.

"Resources of protected extensions will take longer to fetch than resources of extensions that are not installed. By comparing the timing differences you can accurately determine if the protected extensions are installed," z0ccc wrote. 

The website scans the visitor’s browser for the existence of 1,170 most popular extensions available in the Google Chrome Web Store. While the method works on Edge (albeit with a few tweaks), it doesn’t work on Firefox users. 

"This is definitely a viable option for fingerprinting users," z0ccc told BleepingComputer. "Especially using the 'fetching web accessible resources' method. If this is combined with other user data (like user agents, timezones etc.) users could be very easily identified."

Via BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Fingerprint
Profit over privacy? Google gives advertisers more personal info in major ‘fingerprinting’ U-turn
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract illustration of a young woman looking at a smartphone, as large eyes peek through from her hair
Want to hit restart on your online presence? Here's 5 tools you need to stay truly private online
Latest in Software & Services
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Autonomous finance
Quickbooks vs Quicken: what are the main strengths and weaknesses for your business
finance
Quickbooks vs Xero: which is the best for your business?
Group of people meeting
Zoom vs Google Meet: which is the best video conferencing tool for your business?
Fingers typing on a computer keyboard.
Microsoft 365 Personal vs Microsoft 365 Family: are there any real differences?
Latest in News
Google Pixel 9 in green Wintergreen color showing AI features on screen
Multiple hands-on Google Pixel 9a videos have emerged, days ahead of the likely launch
A man getting angry with his laptop.
Windows 11 bug deletes Copilot from the OS – is this the first glitch ever some users will be happy to encounter?
Teams on iPhone and Mac
Microsoft Teams has a whole new way for you to talk to (or annoy) your co-workers
Huawei Watch Fit 3
The Huawei Watch 3 is a decent Apple Watch alternative, and its successor could be close at hand
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung's latest software upgrade could mean Galaxy phones beat iPhones for gaming – but you can't get it yet
iPhone Home Screen
iOS 19 is set to usher in a major redesign – here are 4 things being tipped for the upcoming overhaul