Security News > 2020 > December > Chrome, Edge and Firefox May Leak Information on Installed Apps
Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports.
The bugs impact Protocol Handlers, which are related to a mechanism that allows apps to register their own URI schemes used for process execution.
In Windows, there are three different keys used for the management of URL handlers, and web browsers would prompt users to choose a different application to handle URLs containing non-http schemes.
By exploring possible ways to abuse this feature, Kerner discovered that Firefox could leak protocol handlers.
An attacker could exploit these issues to identify social apps used by the target, perform general reconnaissance, identify potentially vulnerable apps on the system, identify installed security solutions, or improve browser fingerprinting.