Chrome Extensions Detection
Websites can detect the presence of a Chrome extension in the visitor's browser by requesting the web accessible resources declared in the extension's manifest file. The result can be used to personalize the user experience, to identify potential targets for phishing attacks, or as a signal for browser fingerprinting.
This tool scans the web accessible resources of commonly used Chrome Web Store extensions. It also shows that certain extensions can still be identified through a timing side channel, despite their efforts to prevent detection.
[Tool output: "Chrome Extensions Fingerprint" (Extensions Hash); "Web Accessible Resources Detection" (Extensions: Detected 0 of 1000); "Protected WAR's timing attack" (uBlock Origin, Decentraleyes)]
Web Accessible Resources Detection
Detection is done by probing the chrome-extension://<id>/<web_accessible_resource> address from the web page.
The extension ID is the last path segment of the extension's Web Store URL, for example:
- https://chromewebstore.google.com/detail/google-translate/aapbdbdomjkkjkaonfhkkikfgjllcleb
Inspect the extension's sources to find the 'web_accessible_resources' key in its manifest.json file. In Manifest V2 it is a flat list of paths that any page may load. In Manifest V3 each entry also carries a 'matches' list, and only pages whose URL matches one of those patterns may load the resources, so an extension that restricts 'matches' to a few sites cannot be probed from arbitrary pages:

    // Manifest V2
    "web_accessible_resources": [
      "popup_css_compiled.css"
    ]

    // Manifest V3
    "web_accessible_resources": [
      {
        "resources": [ "popup_css_compiled.css" ],
        "matches": [ "<all_urls>", "https://*/*", "*://*/*" ]
      }
    ]
If a script on the page is able to fetch the resource, the extension is installed and enabled; a request for a missing, disabled, or non-exposed resource fails with a network error, so the promise rejects:

    fetch("chrome-extension://aapbdbdomjkkjkaonfhkkikfgjllcleb/popup_css_compiled.css")
      .then(() => {
        // The request resolved: the resource exists and this page is allowed to load it.
        console.log("Google Translate detected");
      })
      .catch(() => {
        // Network error: extension absent, disabled, or resource not exposed to this origin.
        console.log("Google Translate not detected");
      });
Timing Attack for Web Accessible Resources
Some extensions protect their web accessible resources against requests from web pages by generating a secret token per request and rejecting any request that does not carry a valid token. This prevents a page from reading or embedding the resource, but it does not prevent detection.
It is possible to measure how long a request takes and infer from that whether the extension is enabled. A request to an installed and enabled extension, in most cases, takes slightly longer than a request to a non-existent, uninstalled, or disabled one. The page still receives an error and cannot read the file, but the extra delay reveals that the resource exists.
    chrome-extension://fakeiddddddddddddddddddddddddddd/web_accessible_resources/noop.txt
      fake extension: 100 requests, average request time: 0.33 ms
    chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/web_accessible_resources/noop.txt
      uBlock Origin: 100 requests, average request time: 0.48 ms

82 of 100 requests to "cjpalhdlnbpafiamejdnhcphjbkeiagm" were slower than the corresponding requests to the fake ID, which indicates that uBlock Origin is enabled.
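The timing measurement described above, written out as an added example that is not the page's own code. uBlock Origin's ID and the noop.txt path come from the page; the placeholder ID used as the baseline, the interleaving of the two probe series, the 60% decision threshold and the sample counts are assumptions. fetchImpl and the clock are injectable so the statistics can be checked offline with a fake fetch and a fake clock.

```javascript
// Added example (not the page's own code): time repeated probes of a protected
// web accessible resource against probes of a never-installed placeholder ID,
// then decide by the fraction of probes that were slower. uBlock Origin's ID and
// resource path come from the page; PLACEHOLDER_ID, the interleaving, the 60%
// threshold and the sample counts are assumptions.

const PLACEHOLDER_ID = "abcdefghijklmnopabcdefghijklmnop"; // constructed, not a real extension
const UBLOCK_ID = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
const PROTECTED_RESOURCE = "web_accessible_resources/noop.txt";

// Time one request. Success and failure are both timed: the page learns from the
// delay only, never from the body, so the rejection is swallowed.
async function timeRequest(url, fetchImpl, now) {
  const t0 = now();
  try {
    await fetchImpl(url, { cache: "no-store" });
  } catch (_) {
    // expected for a token-protected or non-existent resource
  }
  return now() - t0;
}

function mean(xs) {
  return xs.reduce((a, b) => a + b, 0) / xs.length;
}

// Median is less sensitive than the mean to a single slow outlier (GC pause,
// tab switch), so it is worth reporting next to the page's average.
function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Pairwise comparison like the page's "82/100 were slower": count candidate
// samples that exceed the baseline sample taken in the same round.
function countSlower(baseline, candidate) {
  let slower = 0;
  for (let i = 0; i < Math.min(baseline.length, candidate.length); i++) {
    if (candidate[i] > baseline[i]) slower++;
  }
  return slower;
}

function decide(baseline, candidate, threshold = 0.6) {
  const n = Math.min(baseline.length, candidate.length);
  const slower = countSlower(baseline, candidate);
  return {
    n,
    slower,
    baselineMean: mean(baseline),
    candidateMean: mean(candidate),
    baselineMedian: median(baseline),
    candidateMedian: median(candidate),
    detected: n > 0 && slower / n >= threshold,
  };
}

// Interleave baseline and candidate probes so both series see the same
// background conditions (CPU load, other tabs) round by round.
async function probeProtected(id, resource, n = 100,
                              fetchImpl = globalThis.fetch,
                              now = () => performance.now()) {
  const baseUrl = `chrome-extension://${PLACEHOLDER_ID}/${resource}`;
  const candUrl = `chrome-extension://${id}/${resource}`;
  const base = [];
  const cand = [];
  for (let i = 0; i < n; i++) {
    base.push(await timeRequest(baseUrl, fetchImpl, now));
    cand.push(await timeRequest(candUrl, fetchImpl, now));
  }
  return decide(base, cand);
}

// Runs only in a browser; Node has no chrome-extension:// scheme to probe.
if (typeof window !== "undefined") {
  probeProtected(UBLOCK_ID, PROTECTED_RESOURCE).then((r) => {
    console.log(`uBlock Origin: ${r.slower}/${r.n} slower, ` +
                `means ${r.baselineMean.toFixed(2)} vs ${r.candidateMean.toFixed(2)} ms, ` +
                `detected=${r.detected}`);
  });
}
```

Absolute timings depend on the machine and on what else the browser is doing, which is why the decision is made on the paired slower-count rather than on a fixed millisecond cutoff; repeating the whole run a few times and requiring agreement further reduces false positives.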
The delay comes from Chrome's own handling of chrome-extension:// requests, so extension developers cannot remove it on their side.
It is important to note that Brave is the only Chromium-based web browser that is not affected by this.
Further Reading
- Discovering Browser Extensions via Web Accessible Resources – Chalmers
- Protecting Browser Extensions from Probing and Revelation Attacks – NDSS
- Detection of uBlock Origin in Chrome via web_accessible_resource timing side channel #1572 – GitHub