New browser exploit can track users regardless of their security settings

by Ashwin, October 28, 2015

Online security is becoming more and more complex with each passing day.


It is one thing to use an antivirus and a firewall to protect your PC from attacks, malware and viruses.

But staying safe while browsing the web requires a few precautions. You must already be aware that websites track user information, such as searches, in order to serve advertisements. That is how websites actually make money, but not everyone (read: anyone) likes their data to be tracked, for the sake of privacy.

Modern browsers have several security add-ons and extensions to prevent the user’s browsing data from being tracked. The question is to what extent these add-ons improve the browser’s security.

One could of course use an ad-blocker add-on to prevent this tracking to a certain extent. But no add-on can guarantee total privacy. Neither does the browser’s private browsing mode, also called Incognito mode. And if you think the add-ons you use make you safe, allow me to say that is not the case.

Security researcher Yan Zhu made a finding which will stun you. A new browser exploit has been discovered, which can track users regardless of their security settings.

What happens in this scenario is that the browser checks the certificate for each website you have visited using the browser, and this can be used to build a list of all the sites you have been to. Basically, the exploit tries to load images from different websites to detect whether your browser can connect to each website securely.

If the exploit discovers that it can connect to the website, it means that you have previously visited the site in the browser, which in turn stored an HSTS (HTTP Strict Transport Security) pin to identify you.

Digital Trends reports that Zhu’s website stands as proof, and that visiting it from any browser will show you how the exploit works. It will accurately list all of the sites you have visited.

Of course, this is actually pretty harmless as it only lists the websites you have visited, and not the pages you were actually on. But it’s still a bit scary, because there will always be the chance that such security flaws can be exploited by attackers.

Oh, and this exploit is a new one and has not been patched by any browser maker yet, and that includes Mozilla Firefox and Google Chrome.