Websites Can Detect What Chrome Extensions You've Installed 131
dsinc writes "A Polish security researcher, Krzysztof Kotowicz, makes an worrisome entry in his blog: with a few lines of Javascript,
any web site could list the extensions installed in Chrome (and the other browsers of the Chromium family). Proof of concept is provided here. As there are addons which deal with very personal things like pregnancy or religion, the easiness of access to those very private elements of your life is really troubling." Note: the proof of concept works, so don't click that link if the concept bothers you.
Well, there it is: (Score:4, Funny)
This is amazing (Score:5, Funny)
So let me get this straight - I can click on that link right now in Firefox and it's going to tell me what Chrome extensions I have installed? Unbelievable!
Re:Only a partial list (Score:5, Funny)
The proof-of-concept listed only four out of my ten enabled extensions. Among those left out were Google Calendar, UA Spoofer, and Pastebin, among others. I'd say this 'exploit', if we can call it that, has a long way to go...
That's because you only saw the first part of the exploit.
The full exploit procedure is this:
1. Direct someone at a website that lists a few of their installed extensions.
2. Scan slashdot to find that person moaning about how crap the exploit is and look at the "missed" extensions they list in their comment.
3. Combine the results of (1) and (2) to acquire a complete list of installed extensions for that person.
Re:Well, there it is: (Score:5, Funny)
I'm sure given time and the history of IE it probably doesn't need an extension to tell if you're pregnant...
An extension is still going to be required to get someone pregnant.
Re:Websites can discriminate against Adblock users (Score:5, Funny)
Re:Well, there it is: (Score:4, Funny)
Re:Only a partial list (Score:5, Funny)
Don't you realize? The actual exploit is in getting people to comment and list all the extensions that were missed, getting the list from the source.
Re:Well, there it is: (Score:2, Funny)
Some would suggest that if you're using IE you're already screwed
Ahh.. but that type of screwing can't get you pregnant.