Researchers have found that for more than a year Google Chrome and Mozilla Firefox have been leaking users' Facebook names and profile pictures. This happens when a user visits a malicious website that targets their Facebook account.
A new feature of the Cascading Style Sheets (CSS) standard was introduced in 2016. Its implementation led to a side-channel vulnerability that made it possible to extract this data.
The Problem of Identity Theft
The visual content that a user hosts on Facebook was leaked through a new CSS feature named "mix-blend-mode" to other websites that embed that content in an iframe and use some clever tricks to capture the leaked data. The security concept known as the same-origin policy does not allow content hosted on one domain to be available to any other domain. The vulnerability was important because it allowed attackers to get past this policy in the two most widely used browsers on the Internet.
This problem was later discovered independently by two different research teams. It was fixed last year in version 63 of Google Chrome and a few weeks ago in version 60 of Mozilla Firefox.
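The leak described above depends on the targeted content being rendered inside an iframe on another site. As an added example (not code from the article or the researchers), the following JavaScript checks whether a response's X-Frame-Options and CSP frame-ancestors headers let a given site frame it; the URLs, header values and function names are constructed for illustration.

```javascript
// Added example, not code from the article. All URLs and header values are constructed.
// Simplifications: one CSP policy, ports ignored, only the direct embedder is checked.

// Does one frame-ancestors source expression match the embedding page?
function sourceMatches(source, embedder, self) {
  if (source === "'self'") return embedder.origin === self.origin;
  if (source === "*") return true;
  // Scheme-only source such as "https:".
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === embedder.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // 'none' and unparsable sources match nothing
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme.toLowerCase() + ":" !== embedder.protocol) return false;
  const name = embedder.hostname; // URL already lower-cases the host
  return wildcard ? name.endsWith("." + host.toLowerCase()) : name === host.toLowerCase();
}

// headers: object with lower-case header names, as from a captured response.
function canBeFramedBy(headers, pageUrl, embedderUrl) {
  const self = new URL(pageUrl);
  const embedder = new URL(embedderUrl);
  const directive = (headers["content-security-policy"] || "")
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // frame-ancestors takes precedence over X-Frame-Options when both are sent.
    return directive.slice(1).some((s) => sourceMatches(s, embedder, self));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder.origin === self.origin;
  return true; // no effective restriction: any site may frame the page
}

// Constructed sample responses for a hypothetical page on social.example.
const page = "https://social.example/profile-widget";
const samples = {
  "no headers": {},
  "XFO only": { "x-frame-options": "SAMEORIGIN" },
  "CSP allow-list": { "content-security-policy": "frame-ancestors 'self' https://*.partner.example" },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label, canBeFramedBy(headers, page, "https://other.example/"));
}
```

A page that returns `true` for an unrelated origin can be embedded by that origin, which is the precondition for this kind of cross-origin rendering side channel.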
The PoC requires less than a second to check the like status of a known website, less than 20 seconds to extract the username of the visitor, and around 5 minutes to get the profile picture of the visitor.
Several predictions have been made that many more cases like this may appear in the near future.