Its sound's wired, but that's true. Over a year, popular web-browsers were leaking Facebook users personal data leaving them prone to hacking. This has been proved by the researcher and couple of days ago, he have revealed its research work. The leaked data contained Facebook usernames, profile pictures, and details about the likes.
This persistent Facebook data leak occurred due to a bug in these browsers. Precisely, the bug was caused due to the implementation of a new Cascade Style Sheets (CSS) feature known as ‘mix-blend-mode’. This feature was mainly introduced in CSS3 standard in 2016.
Google security researcher Ruslan Habalov have posted a blog post about his research on Thursday, describes all the details about the bug. In this research he was not alone, Dario Weißer , another security researcher have worked together to bring this bug forward and proved it.
At the very beginning, Habalov found his Facebook username and profile photo being displayed inside an iframed Facebook button on Pinterest’s homepage. Apparently, Pinterest cannot access the content from the iframe owing to the same-origin policy, this brings him to catch this issue.
Both of them have tested different CSS features like rotation, transparency, and mix-blend-mode. By doing so, they discovered a bug that allowed side-channel attacking the CSS feature mix-blend-mode. This feature was introduced beginning 2016 with CSS3 and is available in browsers like Firefox and Chrome.
Another Researcher was also Here
Hablov, have wrote that he was not the first person to notice this bug, but another independent researcher Max May had already reported this issue to Google via Chromium. After that they have highlighted the issue to Facebook, and Mozilla.
Now the good news is that Google had fixed this issue on last December 2017 with the release of Chrome 63, whereas Mozilla released the fix two weeks ago with its Quantum version 60.0.
We always recommend our readers to get your system update, with the other apps too. If you haven't updated your browser then do it now.
This persistent Facebook data leak occurred due to a bug in these browsers. Precisely, the bug was caused due to the implementation of a new Cascade Style Sheets (CSS) feature known as ‘mix-blend-mode’. This feature was mainly introduced in CSS3 standard in 2016.
Google security researcher Ruslan Habalov have posted a blog post about his research on Thursday, describes all the details about the bug. In this research he was not alone, Dario Weißer , another security researcher have worked together to bring this bug forward and proved it.
At the very beginning, Habalov found his Facebook username and profile photo being displayed inside an iframed Facebook button on Pinterest’s homepage. Apparently, Pinterest cannot access the content from the iframe owing to the same-origin policy, this brings him to catch this issue.
Leaking the Facebook username (left) and profile picture (right) out of an embedded Facebook Iframe |
Another Researcher was also Here
Hablov, have wrote that he was not the first person to notice this bug, but another independent researcher Max May had already reported this issue to Google via Chromium. After that they have highlighted the issue to Facebook, and Mozilla.
Now the good news is that Google had fixed this issue on last December 2017 with the release of Chrome 63, whereas Mozilla released the fix two weeks ago with its Quantum version 60.0.
We always recommend our readers to get your system update, with the other apps too. If you haven't updated your browser then do it now.