large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Chrome bug lets hackers deduce your demographics with “guessing game”

Security company Imperva is urging all Chrome users to patch to version 68 after uncovering a loophole which could allow a determined hacker to figure out your key demographic data through a browser-based “guessing game”.

The bug exploits Audio/Video HTML tags which then generate requests to a target resource. A hacker could inject hidden tags into websites and then listen in on their requests, gradually figuring out a user’s hidden personal information through the process of elimination.

As the company explains in an accompanying blog post: “This information can then be used to “ask” a series of yes and no questions about the browser user, by abusing filtering functions available on social media platforms like Facebook.”

Related: Best VPN

A hacker could, for example, create a Facebook post, and then filter it for specific ages and genders, figuring out where the user falls by the response size. “With several scripts running at once — each testing a different and unique restriction –, the bad actor can relatively quickly mine a good amount of private data about the user,” the company explains, but notes that this could also apply to Google and “likely many other web platforms.”

This may not sound hugely useful in and of itself, but running a malicious script on a site that requires an email address could tie key demographic stats to a specific person.  

The bug affects all browsers running the Blink engine which chiefly means Chrome, but also browsers built on Chromium, such as Vivaldi and Amazon Silk. The good news is that Chrome is already patched, and if you’re running version 68 (released in late July) you should already be immune to this exploit. If you’re not, Imperva recommends you update as a matter of urgency.

Are you worried about browser exploits invading your privacy? Let us know on Twitter: @TrustedReviews

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.