According to recent revelations by a few security experts, the popular browsers Chrome and Firefox have been leaking Facebook data of their users for over a year. However, the problem is now seemingly fixed.
Chrome And Firefox Leaked Facebook Data Due To A Bug
A couple of days ago, a blog post by a security researcher shook up the world of cybersecurity as it revealed some shocking facts. It says that the commonly used browsers Google Chrome and Firefox leaked Facebook data of their users, making them vulnerable to hacking. The leaked data contained Facebook usernames, profile pictures, and details about the likes.
Ironically, the data leaks continued for more than a year. If the users visited any malicious website during the past year, they will have likely had their data at the risk of compromise.
This persistent Facebook data leak occurred due to a bug in these browsers. Precisely, the bug was caused due to the implementation of a new Cascade Style Sheets (CSS) feature known as ‘mix-blend-mode’. This feature was mainly introduced in CSS3 standard in 2016.
CSS3 Flaw Responsible For Facebook Data Leak – Bug Now Fixed
A security researcher at Google, Ruslan Habalov, revealed the details about the bug in both the browsers in his blog post on Thursday. Hablov states that he, along with Dario Weißer, began investigating the matter in 2017, after Hablov noticed a peculiar thing. He found his Facebook username and profile photo being displayed inside an iframed Facebook button on Pinterest’s homepage. Apparently, Pinterest cannot access the content from the iframe owing to the same-origin policy. However, the researchers were curious to verify if it was true.
They both went on to test different CSS features, such as ‘rotation’, ‘transparency’ and ‘mix-blend-mode’. They discovered a side channel attacking the mix-blend-mode feature. After careful experiments, the researchers were able to verify that this vulnerable feature could allow potential hackers to access user’s Facebook data.
The Problem Is Now Fixed
According to Hablov, they initially noticed that Chrome and Firefox leaked Facebook data of its users last year. However, Max May, another independent researcher, had already reported the problem to Chromium. Since then, they privately highlighted this issue once again to Facebook, Google, and Mozilla authorities. Google, which, fixed this problem with the Chrome version 63 released in December 2017. Whereas, Mozilla released the fix two weeks ago with its Quantum version 60.0.
If you have not updated your browsers, make sure to update now to protect your data.