Security News > 2021 > May > Cross-browser tracking vulnerability tracks you via installed apps
Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device.
"Cross-browser anonymity is something that even a privacy conscious internet user may take for granted. Tor Browser is known to offer the ultimate in privacy protection, though due to its slow connection speed and performance issues on some websites, users may rely on less anonymous browsers for their every day surfing," explains a new vulnerability report by FingerprintJS' Konstantin Darutkin.
To perform cross-browser tracking using scheme flooding, a website builds a profile of applications installed on a device by attempting to open their known URL handlers and checking if the browser launches a prompt.
As the installed applications on a device are the same regardless of the browser you are using, this could allow a script to track a user's browser usage on both Google Chrome and an anonymizing browser such as Tor.
"The built-in Chrome PDF Viewer is an extension, so every time your browser opens a PDF file it resets the scheme flood protection flag. Opening a PDF file before opening a custom URL makes the exploit functional," explains Darutkin.
Until browsers add working mitigations for this attack, the only way to prevent this method of cross-browser tracking is to use a browser on a different device.