Facebook bug allowed other users to see your personal chats

Facebook runs into another privacy-threatening bug.


Recently, a Facebook bug was found that allowed websites to obtain user data through a security flaw involving cross-site frame leakage (CSFL). The same team has now discovered a since-fixed vulnerability that allowed websites to expose your personal chats through Facebook Messenger.


Imperva security researcher Ron Masas explained in a blog post how a CSFL attack could use the properties of iframe elements to exploit an application. Running the same process against individual Messenger contacts would show one of two states, full or empty, which indicates whether a user has ever messaged that particular contact.

It doesn't go beyond that point. The process didn't retrieve conversations or show chat data; it just showed binary data with very few applications. So please put your nefarious plans to rest (if you had any).

Facebook was made aware of this bug and, given the history, the social media giant will be removing all iframes from its chat service entirely.

"Browser-based side-channel attacks are still an overlooked subject," Masas writes on the Imperva blog. "While big players like Facebook and Google are catching up, most of the industry is still unaware."

Facebook is also planning to add new features to its Messenger app. If the leaks are to be believed, Messenger will soon get an 'unsend' button. However, there is no clear information about when exactly this feature will be rolled out to users.

The addition of the new features seems important at the moment as the social media platform continues to lose active users at a drastic rate. However, its sister platform Instagram is gaining popularity exponentially.
