“We found that several popular sites – including an Alexa global top-100 site – make use of history sniffing to exfiltrate information about users’ browsing history, and, in some cases, do so in an obfuscated manner to avoid easy detection,” the report states. “While researchers have known about the possibility of such attacks, hitherto it was not known how prevalent they are in real, popular websites.”
The 46 sites exploit a widely known vulnerability that currently exists in all production version browsers except of Apple’s Safari, which earlier this year revamped its operating system to combat the threat. Google Chrome, which is based on the same Webkit engine, soon followed.
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact email@example.com). If you are an existing user, please log in. If you have forgotten your log-in details please email firstname.lastname@example.org to get them reset!