Chrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics


For more than a year, Mozilla Firefox and Google Chrome may have leaked users’ Facebook usernames, profile pictures, and likes if the users’ browsers visited malicious websites that used a cutting-edge hack, researchers reported Thursday.

The data could be extracted by means of what is known as a side-channel vulnerability in the browsers’ implementation of new standards for cascading style sheets introduced in 2016. One of the new features, known as “mix-blend-mode,” leaked visual content hosted on Facebook to websites that included an iframe linking to it and some clever code to capture the data. Normally, a security concept known as the same-origin policy forbids content hosted on one domain from being available to a different domain. The vulnerability was significant because it allowed hackers to bypass this bedrock principle for two of the Internet’s most widely used browsers.

The leak was independently discovered by two different research teams, and it was fixed late last year in version 63 of Chrome and two weeks ago in Firefox 60. While the updated browsers no longer pose a threat to user privacy, one of the researchers who discovered the vulnerability said the increasingly powerful graphics capabilities being added to the HTML5 and CSS standards are likely to make similar hacks possible in the future.
