Most of us have been aware of Cambridge Analytica since Facebook's data scandal broke. Since then, Facebook has been on the radar of a number of government agencies and regulators. The social media giant has also been accused of being ignorant when it comes to a user's right to privacy.
Now, reports are surfacing online that two of the most popular web browsers have been leaking Facebook data. The browsers that leaked the profile pictures and usernames of Facebook users for more than a year are Google Chrome and Mozilla Firefox. The leak was made possible by exploiting the new standards for Cascading Style Sheets (CSS) that were implemented back in 2016.
The victims of this exploit were mostly users who had accidentally visited a malicious webpage that hosted content from Facebook using iframes. These malicious websites imitated Facebook's UI so that inattentive users could easily be fooled.
It is being reported that the hackers exploited a CSS feature named "mix-blend-mode" in order to leak technical information along with the graphic content information associated with it. The hackers also made use of optical character decoders in order to collect the names of users and the statuses they posted.
The flaw was identified by two independent research teams. The vulnerability was resolved in Google Chrome with the version 63 update that was released in late 2017. In Firefox, it was fixed by the Firefox 60 update that was released almost two weeks ago. The vulnerabilities are not affecting the browsers at the moment; however, according to Dario Weißer, one of the researchers on the matter, similar attacks are possible in the future. This is due to the rise of graphics-intensive content and standards such as HTML5.
Luckily, Internet Explorer and Microsoft Edge were not affected by the attacks, as the Redmond giant had not implemented mix-blend-mode. Apple's Safari was also safe against such attacks.