brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

[windows] Fonts fingerprint leak #28851

Open uazo opened 1 year ago

uazo commented 1 year ago

Description

Because of the DirectWrite management of fonts in Windows, it is possible to recover the presence of some fonts (such as Arial Narrow) using CSS with font-stretch.

Steps to Reproduce

Arial Narrow must be present on the system. Use:

    font-family: Arial;
    font-stretch: condensed;

The text is rendered with the "Arial Narrow" font. By contrast, font-family: Arial Narrow; is correctly not rendered.

Actual result:

image

Expected result:

theoretically should not be visible

Reproduces how often:

always

Brave version (brave://version info)

v1.48.171

Miscellaneous Information:

I was developing a similar patch and noticed the bug. I wanted to report it.

pilgrim-brave commented 1 year ago

relevant: https://learn.microsoft.com/en-us/windows/win32/directwrite/font-selection

pilgrim-brave commented 1 year ago

We probably need to check the font family whitelist after FontFallback::MapCharacters calls family->GetFirstMatchingFont, which seems to be where DirectWrite does its magic to decide that font-family: Arial; font-stretch: condensed should be treated as font-family: Arial Narrow

https://source.chromium.org/chromium/chromium/src/+/main:content/child/dwrite_font_proxy/font_fallback_win.cc;l=150

uazo commented 1 year ago

I followed another approach, which is to request the GDI name and block it if it is not present in a standard installation.
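
A simplified model of the two checks discussed in this thread, added here as an illustration; it is not Brave, Chromium or DirectWrite code. The `Face` and `Family` types, the stretch values and the allowlist contents are constructed assumptions. It shows why an allowlist applied only to the requested family name lets `font-family: Arial; font-stretch: condensed` through, while a check on the family name of the selected face does not.

```cpp
#include <cstdlib>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Constructed model, not DirectWrite or Chromium code: one face inside a
// weight-stretch-style family, plus the family name GDI reports for it.
struct Face {
  std::string gdi_family;  // e.g. "Arial Narrow"
  int stretch;             // 1..9 scale; 5 = normal, 3 = condensed
};

struct Family {
  std::string name;  // name the CSS font-family value is matched against
  std::vector<Face> faces;
};

// Pick the face whose stretch is closest to the requested one, standing in
// for the selection step the thread attributes to GetFirstMatchingFont.
const Face& MatchFace(const Family& family, int stretch) {
  const Face* best = &family.faces.front();
  for (const Face& f : family.faces)
    if (std::abs(f.stretch - stretch) < std::abs(best->stretch - stretch))
      best = &f;
  return *best;
}

// Weak check: only the requested family name is compared to the allowlist.
bool AllowedByRequestedName(const Family& family, const std::set<std::string>& allow) {
  return allow.count(family.name) > 0;
}

// Stricter check: the face that was actually selected must also be allowed.
bool AllowedByResolvedFace(const Family& family, int stretch, const std::set<std::string>& allow) {
  return allow.count(family.name) > 0 && allow.count(MatchFace(family, stretch).gdi_family) > 0;
}

// Constructed sample data: a system where Arial Narrow is installed.
const std::set<std::string> kAllow = {"Arial"};
const Family kArial = {"Arial", {{"Arial", 5}, {"Arial Narrow", 3}}};

int main() {
  std::cout << AllowedByRequestedName(kArial, kAllow) << " "
            << AllowedByResolvedFace(kArial, 3, kAllow) << " "
            << AllowedByResolvedFace(kArial, 5, kAllow) << "\n";
}
```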