Caroline Haskins motherboard.vice.com

Old school 'sniffing' attacks can still reveal your browsing history

Several major browsers you and I use everyday are capable of leaking our browsing history, and they all know about it. Caroline Haskins at Motherboard writes:

Most modern browsers—such as Chrome, Firefox, and Edge … have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user’s web history, per new research from the University of California San Diego.

In a statement provided to Motherboard via email, senior engineering manager of Firefox security Wennie Leung said that Firefox will “prioritize our review of these bugs based on the threat assessment.” Google spokesperson Ivy Choi told Motherboard in an email that they are aware of the issue and are “evaluating possible solutions.”

Ben Adida shared this on Twitter:

When first web history sniffing attacks came out, I suggested we had to change the notion of a visited link: a link would be marked visited by origin (edges, not nodes.) That was considered too dramatic a change. Maybe it’s necessary after all.

Who’s ready to dig into this research and share how vulnerable we really are and what types of malicious websites could/would extract our browsing history? If you do, let us know so we can link it up.


Comments

Sign in or join to comment

Adam Stacoviak

Adam Stacoviak

Houston, TX

Founder and Editor-in-Chief of Changelog. Hacker to the heart.

2018-11-07T01:22:21Z ago

Michael Egorov asked on twitter, “Is @brave affected also?”

After looking further into the research, the answer is yes, this also affects Brave. Here’s a pull quote from the white paper’s Abstract.

We evaluate the attacks against four major browsers (Chrome, Firefox, Edge, and IE) and several security-focused browsers (ChromeZero, Brave, FuzzyFox, DeterFox, and the Tor Browser). Two of our attacks are effective against all but the Tor Browser, whereas the other two target features specific to Chromium-derived browsers.

0:00 / 0:00