Windows 10: Chrome, Firefox iframe exploit can steal Facebook profile info

  1. Borg 386's Avatar
    Posts : 21,182
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       02 Jun 2018 #1

    Chrome, Firefox iframe exploit can steal Facebook profile info


    Chrome, Firefox iframe exploit can steal Facebook profile info and other personal data

    A side-channel attack on CSS could expose your personal data to malicious websites, unless you update your browser immediately.
    A pair of independent security researchers has revealed a serious flaw in cascading style sheets (CSSes) that could leave private user data exposed to malicious websites.

    The exploit allows a malicious website to steal Facebook profile pictures, the name associated with a profile, and a full list of pages the user has liked, all without requiring any interaction from the victim.

    A malicious site would only need to have a cross-site login iframe that pulls data from Facebook and uses mix-blend-mode, a graphical option added to CSS3 in 2016. From there it takes mere seconds to to steal user likes and a profile name. It only takes a few additional minutes for the malicious site to reconstruct the profile picture using layers of one-pixel DIV layers.

    It doesn't just affect Facebook users either—any website that allows iframes to pull data is susceptible to the attack.

    Chrome, Firefox iframe exploit can steal Facebook profile info and other personal data - TechRepublic
    Last edited by Brink; 02 Jun 2018 at 09:40.
      My ComputerSystem Spec


 

Related Threads
Source: Use Firefox Focus to keep Facebook contained on your mobile device | The Firefox Frontier
Source: Facebook Container Extension: Take control of how you're being tracked | The Firefox Frontier
Read more: DefenseCode - Home
I'd stopped using Firefox on my laptop for several month's due to multiple issues. However, yesterday I opened FF and everything was working fine. I started posting on FB and everything worked perfectly, then one of my posts just disappeared (the...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:29.
Find Us