published tools with the implementation of the method for determining the additions established in the Chrome browser. The resulting list of additions can be used to increase the accuracy of a passive identification of a specific instance of the browser, in combination with other indirect signs, such as the screen resolution, the WebGL features, lists of installed plugins and fonts. The proposed implementation checks the installation of more than 1000 additions. To verify your system, online-demonstration . . As a rule, add -ons include various related files, such as images that are determined in the add -up manifesto with the property web_accessorces/”> web_accessorces/”> web_accessorces/”> web_accessorces/”> work >. In the first version of the Chrome manifesto, access to resources was not limited and any site could download the resources provided. In the second version of the manifesto, access to such resources by default was allowed only for the addition itself. In the third version of the manifesto, it was possible to determine which resources can be given to what additions, domains and pages.
Web pages can request a resources supplied in addition using the method fetch (for example, “Fetch (‘Chrome- Extension: //okb….nd5/test.png’)”)), the return of which “FALSE” usually indicates that the addition has not been established. To block the determination of additions on the availability of resources, some additions generate a verification token necessary for access to the resource. Calling Fetch without specifying token always ends in failure.
As it turned out, you can bypass the protection of access to the resources of additions by evaluating the time of the operation. Despite the fact that Fetch, when requesting without token, always returns an error, the time of execution of the operation in the presence and absence of addition is different – if the addition is present, the request will take more time than if the addition is not established. Assessing the reaction time, you can accurately determine the presence of a addition.
Some additions that do not include available from the resources can be determined by additional properties. For example, the Metamask addition can be determined by assessing the determination of the property of Window.ethereum (if the addition is not installed “TypeOf Window.ethereum” will return the value of “undefined”).