We can all agree that, because we perform so many actions online that involve our sensitive data and money, staying safe and under the radar of malicious entities should be our top priority.
- While online, personal data security should be mandatory for everyone involved.
- Researchers warn users of new threats they face while using popular browsers.
- The scheme flood vulnerability allows for targeted advertisement and user profiling.
- Users with VPNs are also affected and there are no known fixes yet for this issue.
Choices we make while on the internet, as well as our preferences, could be used by advertisers, malevolent individuals, and other third parties to create certain pattern algorithms.
These browsers are vulnerable to scheme flooding
Even though new security measures, features, and updates are applied all the time, Firefox, Chrome, Safari, and Tor are the four browsers that are vulnerable to this sort of exploit.
Senior software engineer and researcher Konstantin Darutkin spoke about this phenomenon and warned users worldwide about the potential implications that such actions could have.
These operations have been dubbed “scheme flooding” by the group of researchers, because of the fact that the attackers are able to use the browsers’ built-in custom URL scheme against us.
By using this technique, our devices are flooded with URL scheme requests used for acknowledging the presence of popular apps like Spotify, Zoom, Slack, Telegram, Discord, Steam, Xcode, Microsoft Word, NordVPN, or Hotspot Shield.
The scheme flood vulnerability allows for targeted advertisement and user profiling without user consent. The list of installed applications on your device can reveal a lot about your occupation, habits, and age. For example, if a Python IDE or a PostgreSQL server is installed on your computer, you are very likely to be a backend developer.
The more disconcerting news is that this can happen even if users switch between browsers, use a VPN, or browse in incognito mode.
According to the researchers, this manner of virtual intrusion can also be successfully used on other browsers, such as Brave, Microsoft Edge, and Yandex.
A combination of CORS policies and browser window features can be used to bypass the safety mechanisms.
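A defender-side view of the request burst described above, added here as an example and not taken from the researchers' work: it flags any page origin that tries to open many distinct custom URL schemes within a short window. The log format (`t`, `origin`, `target`, as an extension or proxy might record it), the scheme names, the window and the threshold are all assumptions constructed for illustration.

```javascript
// Added example: detect scheme-flood-like bursts in a log of navigation attempts.
// Event shape, window and threshold are assumptions, not values from the research.
const WEB_SCHEMES = new Set(["http", "https", "about", "blob", "data", "file"]);

// Return the lowercase scheme of a URL-like string, or null if it has none.
function schemeOf(target) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(String(target).trim());
  return m ? m[1].toLowerCase() : null;
}

// events: [{ t: ms timestamp, origin: page origin, target: URL the page tried to open }]
// Returns origins that requested >= minSchemes distinct custom schemes within windowMs.
function findSchemeFloods(events, { windowMs = 10000, minSchemes = 5 } = {}) {
  const byOrigin = new Map();
  for (const e of events) {
    const scheme = schemeOf(e.target);
    if (!scheme || WEB_SCHEMES.has(scheme)) continue; // ordinary web navigation
    if (!byOrigin.has(e.origin)) byOrigin.set(e.origin, []);
    byOrigin.get(e.origin).push({ t: e.t, scheme });
  }
  const findings = [];
  for (const [origin, hits] of byOrigin) {
    hits.sort((a, b) => a.t - b.t);
    let best = new Set();
    let start = 0;
    for (let end = 0; end < hits.length; end++) {
      // Slide the window start forward until it spans at most windowMs.
      while (hits[end].t - hits[start].t > windowMs) start++;
      const seen = new Set(hits.slice(start, end + 1).map((h) => h.scheme));
      if (seen.size > best.size) best = seen;
    }
    if (best.size >= minSchemes) findings.push({ origin, schemes: [...best].sort() });
  }
  return findings;
}

// Constructed sample: a fast probe burst, the same schemes spread out slowly,
// and a shop page with one mailto link and one normal https navigation.
const probe = ["musicapp", "meetapp", "chatapp", "msgapp", "gameapp", "vpnapp"];
const sampleEvents = [
  ...probe.map((s, i) => ({ t: 1000 + i * 100, origin: "https://tracker.example", target: `${s}://probe` })),
  ...probe.slice(0, 5).map((s, i) => ({ t: i * 20000, origin: "https://slow.example", target: `${s}://open` })),
  { t: 2000, origin: "https://shop.example", target: "mailto:sales@shop.example" },
  { t: 2500, origin: "https://shop.example", target: "https://shop.example/cart" },
];

console.log(findSchemeFloods(sampleEvents));
```

Only the burst from `https://tracker.example` is reported; a single `mailto:` link or custom-scheme requests spaced far apart stay below the threshold.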
Although this issue didn’t just emerge overnight, it seems that the developers of the browsers mentioned above have not yet grasped the magnitude of the situation.
It remains to be seen how quickly the tech companies will react and, more importantly, fix these privacy mishaps. It goes without saying that users will not be pleased to hear this news.
This vulnerability has been possible for more than 5 years and its true impact is unknown.
In the meantime, remember that until this vulnerability is fixed, the only way to have private browsing sessions not associated with your primary device is to use another device altogether.
Let us know in the comments section below if you had such security concerns until now and how you addressed them.