Bizarre Chrome and Firefox flaw exposed Facebook details

5 June 2018

Researchers have discovered a weakness in the way Chrome and Firefox interact with Cascading Style Sheets 3 (CSS3) that could have caused them to leak usernames, profile pictures and likes from sites such as Facebook. The chance discovery was made by researcher Ruslan Habalov when he visited Pinterest and noticed it was “displaying my Facebook name and picture inside an iFramed Facebook button.” Probing deeper, they discovered that the problem was CSS3’s mix-blend-modes, introduced in 2016 and fully supported by Chrome desktop/mobile version 49 from March 2016 onwards, and Firefox desktop/mobile version 59 in March this year.

Read full news article on Naked Security

Date:

5 June 2018

Categorie(s):

NEWS

Tag(s):

Bizarre, CSS, Design, Facebook, Google Chrome, Privacy, Security Pro, Social Networks, Vulnerability

Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024
Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement5 May 2024
Dating apps kiss’n’tell all sorts of sensitive personal info4 May 2024