When we go online and type in a search term or website into a browser we rarely give it second thought. We simply click and go.
But web browsers store an incredible amount of sensitive information about you which can potentially be exploited by cyber criminals, tracked by others and sold on to advertisers.
There are several types of data that your browser stores. The following five are commonplace:
  • When you visit a website, information about web pages such as the URL, page title and time you visited are stored. 
  • HTTP Cookies are sent from a website and stored on your computer by the web browser while browsing. 
  • Local Storage is an upgraded form of cookie that also allows more data to be stored locally, that is, in your browser. 
  • Modern browsers all have some type of password manager where login information for various sites is stored in a single place and remembered in your browser. 
  • Autofill allows a browser to fill out commonly entered information in a web form for you.
Many popular websites also store some level of geolocation information about the user on their local system and a user’s IP address.
This involves the use of cookies that store potentially sensitive items from popular services, including account usernames, associated email addresses, search terms, titles of viewed emails and documents, and downloaded files. The cookies that hold this information are in your web browser.

Browser malware

Creating malware to harvest information stored in a browser is straightforward, and variants of this type of malware has been around for years, including the Cerber, Kriptovor, and CryptXXX ransomware families.

Avenues of attack

There are a number of ways in which data can be gleaned from your browser: 
  • An attacker could compile a list of applications you commonly log into based your URL history, including work applications and personal finance sites. This can help an attacker craft convincing phishing emails to try and trick users into exposing their passwords. 
  • As such it can be simple for an attacker to learn the name of your bank. If you save your username and password in web forms or the browser’s password manager, your information is vulnerable. 
  • Extracting historical location information from a web browser can paint a picture of a user’s habits and past activities. A determined attacker can get multiple data points to help corroborate different geolocation data points to establish when you are at work and when you are at home, for example. 
  • With access to your URL history, an attacker can learn about your personal interests. If your hobbies or interests are controversial, unusual or even illegal, you may fall victim to online blackmail. 
  • It’s possible to extract information about what other devices a user owns by examining browser history. Some browsers explicitly sync records from multiple devices to each other. By looking at this information, it may be possible to find a device that a user is trying to keep hidden, or to connect a personal machine to a work machine.
There are many ways you can close these potential vulnerabilities such as disabling cookies and autofill forms and deleting search histories.
However, the most effective method is to use a virtual private network (VPN). A VPN masks your web browsing activity so no one can identify the websites you are visiting, or the services you are accessing.
Of course information is still in your browser, but if you can’t be identified, then your browser can’t be accessed.

VPN service

  • BullGuard VPN gives you the flexibility to safely and securely access the internet and online services from home, work or abroad. 
  • In short you gain complete online privacy and freedom from hackers, internet security providers and advertisers snooping on your data. 
The annual subscription fee is much less than a cup of coffee each day and you can use it on six devices.