Chrome Extensions Detection

Websites can detect the presence of a Chrome extension in a user's web browser by requesting the web accessible resources specified in the extension's manifest file. This information can be used to personalize the user experience, identify potential targets for phishing attacks, or for browser fingerprinting purposes.

This tool scans the web accessible resources of the commonly used Chrome Web Store extensions, it also shows that certain extensions can still be identified despite efforts to prevent detection.

Chrome Not Found

Chrome Extensions Fingerprint

Extensions Hash

Web Accessible Resources Detection

Extensions
Detected 0 of 1000 Extensions

Protected WAR's timing attack

uBlock Origin
AdGuard
DuckDuckGo
Privacy Badger
Decentraleyes

Web Accessible Resources Detection

Detection is done by probing chrome-extension://<id>/<web_accessible_resources> address.

Extension ID is taken from a Web Store URL:

  1. https://chrome.google.com/webstore/detail/google-translate/aapbdbdomjkkjkaonfhkkikfgjllcleb

Inspect the extension sources to find the 'web_accessible_resources' key in the manifest.json file:

  1. // Manifest V2
  2. "web_accessible_resources": [
  3. "options.html"
  4. ]
  1. // Manifest V3
  2. "web_accessible_resources": [
  3. {
  4. "resources": [ "options.html" ],
  5. "matches": [ "<all_urls>", "https://*/*", "*://*/*" ],
  6. }
  7. ]

If a script is able to fetch the resource, the extension is running:

  1. fetch("chrome-extension://aapbdbdomjkkjkaonfhkkikfgjllcleb/options.html")
  2. .then(() => {
  3. console.log("Google Translate detected");
  4. })
  5. .catch(() => {
  6. console.log("Google Translate not detected");
  7. });

Timing Attack for Web Accessible Resources

Some extensions have implemented protection against requesting web accessible resources from the web, by generating a secret token on each request. This protects against reading and including resources on the web page, but doesn't quite protect against detection.

It is possible to measure how long a request takes, and based on this, infer whether the extension is enabled or not. Fetching an enabled extension will, in most cases, take slightly longer than fetching a non-existent, uninstalled, or disabled one. We receive an error and cannot read the file, but the extra delay indicates that the resource exists.

  1. chrome-extension://fakeiddddddddddddddddddddddddddd/web_accessible_resources/noop.txt
  2. fake extension: we made 100 requests, average request time: 0.33ms
  3. chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/web_accessible_resources/noop.txt
  4. uBlock Origin : we made 100 requests, average request time: 0.48ms
  5. 82/100 of requests to "cjpalhdlnbpafiamejdnhcphjbkeiagm" were slower, means we have uBlock enabled

This is an internal issue with Chrome, and this behavior cannot be fixed by add-on developers.

It is important to note that Brave is the only Chromium-based web browser that is not affected by this.

Further Reading

Leave a Comment (48)