Google Chrome’s Latest Version have Privacy Concerns, Researchers Calls ‘Scroll To Text Fragment’ is Risky.


Google Chrome 80 Privacy Threats

After the launch of the latest version of Google Chrome, a researcher of California, The United States, has raised question over a feature which is violating the privacy of the user. The researcher work for another web browsing company, Brave web browser and now he is claiming that the latest update to Chrome which is Google Chrome 80 launched on February 4 have privacy risks that “Google did not address before making it live”.

Scroll To Text Fragment” which is an online report developed by the company early in 2019 and it allowed developers to share a specific word or phrases of a web page instead of entire link. This feature will allow other readers to jump to a particular section of a web page directly.

But the risk with this feature is that it exposes user data to service providers and others which can be a big problem if the data is sensitive.

To use this feature, GitHub, a Microsoft subsidiary, stated that the user would need to create a special URL using this: https://example.com#:~:text=prefix-,startText,endText,-suffix

A Twitter user trying to explain the feature through a video:

So why are analysts alarmed by ‘Scroll To Text Fragment’.

List of posts made by Peter Snyder, who is a senior researcher at Brave browser, through all the post he is clamming that Scroll To Text Fragment feature is an “important feature” but it seems to enable some privacy attacks.

"For example: Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with #:~:text=cancer. On certain page layouts, I might be able tell if the employee has cancer by looking for lower-on-the-page resources being requested", Snyder said adding, "by enabling this feature by the default for all sites rather than allowing sites to opt into the feature, it automatically imposes this potential privacy risk on all sites".

Google said that they are going to address this issue in their next version of Google Chrome (Chrome 82). Google Chrome 80 is live now and going to hosts cross-site tracking, that can prevent security issue caused by cookies vulnerabilities.

 Follow Raveling Tech on Facebook and Twitter for more such technology related posts.



Post a Comment

Previous Post Next Post