Browsers leak installed extensions to sites
By Martin Brinkmann | August 29, 2017
Security researchers have discovered flaws in the extensions systems of all modern browsers that attackers may exploit to enumerate all installed browser extensions.
The attack affects all modern browsers. The researchers confirmed it in Chromium-based browsers, and believe that it affects other browsers like Firefox or Edge which use the same extensions system as well. Firefox’s legacy add-on system is also vulnerable to the attack.
Chromium-based browsers like Google Chrome, Yandex and Opera, and Firefox-based browsers like Firefox or Pale Moon, and Microsoft Edge, are affected.
All browsers protect extension data from being accessed directly by websites visited in the web browser. The past has shown however that sites may use various techniques to scan for installed add-ons.
…
Since these attacks rely on scripts, any script blocker protects against it. (via Born / Bleeping Computer)
Read the full article here
