Is it possible for one browser to read/write cookies of another one?

I'm not looking for a way to synchronize cookies between browsers, this has been answered here.

I'd like to know, if Chrome could read/write Firefox's cookies, with or without me realizing. (Or any other combination of browsers...)

Is this, maybe, prohibited by some OS-mechanism? Firefox itself could hardly protect its cookies, while not running...

Would there be a way to detect this?

How could I make sure, that Firefox-Cookies are not read by Chrome and added to my Google profile? Is it enough to use Firefox for websites, that I don't want in my Google history? (e.g. banking...)

user340165

Posted 2014-07-01T07:51:54.910

Reputation:

Sounds like a XY problem. What problem are you trying to solve? Do you want a separate, isolated browser? Which one is your preferred browser?

– gronostaj – 2014-07-01T08:20:42.397

1I'm not trying to solve any problems; I'm trying to be clear of the concept. If a cookie is just a .txt-snippet of some sort, what would prevent browser A to sniff around in browser B's cookies? I'm asking without a preferred browser in my mind or anything like that. – None – 2014-07-07T09:43:39.910

Answers

Cookies are per-browser, but plugins (such as Flash) have their own storage and can be used to share information between browsers. Nowadays I believe Chrome has its own sandboxed Flash, so it's possible that this also has its own storage.

That being said, browsers in theory can generally read each others cookies, as cookies are nothing more than files on the filesystem. But to the best of my knowledge (I didn't bother to check), browsers do not have code to do this. With an extension with filesystem access this can be possible, though.

If there is a large security hole in one browser that would allow filesystem access from JavaScript, it is possible for a website to steal cookies from another browser, although I would think that in such a case, cookie stealing will be the least of your worries.

On Red Hat Enterprise Linux and siblings, SElinux is enabled by default. SElinux gives contexts to files and processes. This actually makes it possible to prevent a browser on the OS level from reading the cookies of another browser.

jornane

Posted 2014-07-01T07:51:54.910

Reputation: 977

Absolutely not, cookies are an application level not OS-level feature. There is also no facility for a webpage to access cookies other than for their explicit domain in the current browser, in the same way there is no functionality for a webpage to access any files on a user's machine unless given explicit permission (eg. a file upload).

James

Posted 2014-07-01T07:51:54.910

Reputation: 206

Plain HTTP cookies are specific to a browser. But there are other technologies that can achieve similar functionality as cookies. Techniques called "supercookie" or "zombie cookie" can be used to restore cookies after user deleted them. This often uses Flash or other plugin storage. Now if this storage can be shared across browsers, the mechanism will recreate cookies from one browser on the other. Another way is to get some machine identifier - if you can consistently obtain machine id, your webserver can recognize that browsers are installed on same machine, and synchronize cookies between them.

Agent_L

Posted 2014-07-01T07:51:54.910

Reputation: 1 493

In short, a browser cookie will not be read across browsers as long as you quit a browser before using another. A supercookie is generally stored in macromedia folder in #sharedobjects, but can get into other places as well. A supercookie will launch with whatever you use to access the web The new threat is writing on your jpg images with invisible fonts. Pay attention to companies that offer elite protection and hijack services to keep up on tracking devices in a computer.

Jim

Posted 2014-07-01T07:51:54.910

Reputation: 1