Chrome bug lets hackers deduce your demographics with “guessing game”

Security company Imperva is urging all Chrome users to patch to version 68 after uncovering a loophole which could allow a determined hacker to figure out your key demographic data through a browser-based “guessing game”.

The exploit abuses HTML audio and video tags, which generate requests to a target resource. A hacker could inject hidden tags into websites and then monitor the requests they generate, gradually working out a user’s hidden personal information through a process of elimination.

As the company explains in an accompanying blog post: “This information can then be used to ‘ask’ a series of yes and no questions about the browser user, by abusing filtering functions available on social media platforms like Facebook.”


A hacker could, for example, create a Facebook post, and then filter it for specific ages and genders, figuring out where the user falls by the response size. “With several scripts running at once – each testing a different and unique restriction – the bad actor can relatively quickly mine a good amount of private data about the user,” the company explains, but notes that this could also apply to Google and “likely many other web platforms.”

This may not sound hugely useful in and of itself, but running a malicious script on a site that requires an email address could tie key demographic stats to a specific person.  

The bug affects all browsers running the Blink engine, which chiefly means Chrome, but also browsers built on Chromium, such as Vivaldi and Amazon Silk. The good news is that Chrome is already patched, and if you’re running version 68 (released in late July) you should already be immune to this exploit. If you’re not, Imperva recommends you update as a matter of urgency.
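For anyone who looks after more than one machine, the version advice above can be checked against web server logs. The script below is an added example, not code from Imperva or Google: it scans access-log lines for Blink-based user agents still reporting a Chromium major version below 68. The log lines are constructed samples, the function names are hypothetical, and it assumes the Chrome token in a Vivaldi or Silk user agent reflects the Chromium base that browser is built on.

```python
import re

PATCHED_MAJOR = 68  # Chrome release the article says carries the fix

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [01/Aug/2018:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
203.0.113.6 - - [01/Aug/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
203.0.113.7 - - [01/Aug/2018:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.103 Safari/537.36 Vivaldi/1.96.1147.47"
203.0.113.8 - - [01/Aug/2018:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 5.1.1; KFGIWI) AppleWebKit/537.36 (KHTML, like Gecko) Silk/66.2.5 like Chrome/66.0.3359.158 Safari/537.36"
203.0.113.9 - - [01/Aug/2018:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
203.0.113.10 - - [01/Aug/2018:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
'''

CHROME_RE = re.compile(r"Chrome/(\d+)\.")   # Chromium major version token
UA_RE = re.compile(r'"([^"]*)"\s*$')        # last quoted field on the line


def blink_major(user_agent):
    """Return the Chromium major version for a Blink user agent, else None."""
    # Legacy Edge (EdgeHTML) advertises a Chrome token but does not run Blink.
    if "Edge/" in user_agent:
        return None
    match = CHROME_RE.search(user_agent)
    return int(match.group(1)) if match else None


def unpatched_clients(log_text):
    """Map client IP to the lowest Chromium major seen below PATCHED_MAJOR."""
    findings = {}
    for line in log_text.splitlines():
        ua_match = UA_RE.search(line)
        if not ua_match:
            continue  # malformed line or no user-agent field
        major = blink_major(ua_match.group(1))
        if major is not None and major < PATCHED_MAJOR:
            ip = line.split(" ", 1)[0]
            findings[ip] = min(major, findings.get(ip, major))
    return findings


if __name__ == "__main__":
    for ip, major in sorted(unpatched_clients(SAMPLE_LOG).items()):
        print(f"{ip}: Chromium {major} is older than {PATCHED_MAJOR}, update needed")
```

User-agent strings are self-reported and can be spoofed, so treat the result as a prompt to check the machine rather than as proof of its version.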
