Chrome, Firefox, and Internet Explorer are vulnerable to an old attack, where the browsing history can be traced. This is evident from recent investigations of a Belgian student from the University of Hasselt. Other browsers run probably risk.
The Belgian student, Aaron, Thijs, examined or browsers, the websites allow the browsing history to find out. Before that, he wrote code that he based on the work of Paul Stone, the researcher, the vulnerability last year the world made.
In his research used Thijs a programming interface to determine whether a web site earlier by the browser is visited. The interface is called requestAnimationFrame and is primarily intended for animations on websites smoother to play. By the interface to invoke on a page with many links, it is possible to the browsing history to find out. This may be due to the difference in the current time and the time when a link changes color if a site has previously been visited.
According to Thijs, in any case, Chrome, Firefox, and Internet Explorer even more vulnerable to the vulnerability, which last year came to light. He thinks that Safari and Opera are at risk. Although Thijs this has not yet been tested, it seems likely that the users of those browsers also at risk. Both have originally the same browserengine as Chrome, namely WebKit.
Thijs warns that the attack in each site can be implemented and that, without the knowledge of the visitor, data to collect, and that can then continue to play. It is not unthinkable that this is happening; in 2010 were websites like YouPorn and PornHub with javascript also the browsing history of users to figure out, what the parties presumably strategic insights offered. “In my example, I checked only Facebook, but the attack could be adapted to a larger set of websites to check,” allow the student to ArsTechnica to know.
The browsermakers have despite the fact that the vulnerability is already known, solutions have not yet been released for the recent vulnerability. Firefoxmaker Mozilla would be working on a softwarepleister. In addition, Chrome developers to think about a fix and is the problem of privacy is also raised with Microsoft. Users that in the meantime, less to risk, can the browser history off.
Update, 19.40 hours – In the article was initially that Thijs vulnerability discovered, but this is incorrect. He used an attack that was based on well-known work of Paul Stone. In addition to the explanations about the functioning of the attack is not correct. The article is on both points adjusted.
Comments
(37)