If you have more than three extensions installed, the probability is low that you have exactly the same set as many others, and combined with other available information such as which language Chrome is set to, which time zone you are in and so on, it is possible to produce a unique digital fingerprints that can track you around the web.
Add-on developers have started to protect themselves against this by stopping anyone from reading the add-ons’ installed files, but security researcher “z0ccc” has found a way to bypass the protection and continue tracking users, Bleeping Computer writes.
The security researcher uses a so-called timing attack which involves measuring how long it takes to retrieve resources – resources for extensions that are not installed take less time to get hard (they don’t exist) than resources for installed but protected extensions. In this way, it is possible to scan for common extensions relatively quickly.
This method of obtaining digital fingerprints only works in Chromium-based browsers such as Chrome, new Edge, Opera, Brave and Vivaldi.