"Scheme Flooding Bug Threatens to Sink User Privacy"

Researchers at the security provider FingerPrintJS discovered a vulnerability that can enable websites to track users across different desktop browsers, including Google Chrome, Apple Safari, Mozilla Firefox, and Tor, posing a significant threat to user privacy. They have explained how malicious actors can use a technique called scheme flooding to see what sites users are visiting even when they switch browsers, enable incognito mode, or access the Internet via a Virtual Private Network (VPN). The exploitation of the scheme flooding flaw allows sites to ping multiple third-party applications, such as Skype or Zoom, and then use the ping responses to create a list of apps on the user's system. This list can then be used to fingerprint a user across multiple browsers and Internet connections. A website could identify individuals for more sinister purposes based on the apps installed on a device. For example, a website may detect a government or military official on the Internet depending on their installed apps. The website may also associate browsing history that is supposed to be anonymous. According to the FingerPrintJS researchers, the scheme flooding bug stems from the way in which a website uses Application Program Interface (API) calls to bring up an application. This article continues to discuss the source and potential impact of the scheme flooding bug. 

SearchSecurity reports "Scheme Flooding Bug Threatens to Sink User Privacy"