Chrome and Firefox Leaks Lead to Stolen Facebook Photos & User Details

  • An innovative hack has exploited a graphic feature until it was fixed on some of the top browsers including Chrome and Firefox.
  • Mix-blend-mode feature leaked the visual content to the hacker websites and made the browsers vulnerable.
  • The fix is temporary. The issue might return due to the increasing graphics capabilities in HTML and other coding languages.

The last-gen encryption methods of Google Chrome and Mozilla Firefox disclosed a vulnerable security patch. It was revealed that the security parameters of these browsers were easily hackable. This could have been a gateway to capture the data from the most popular social networking websites, such as Facebook.

Another shocking revelation is that the ‘mix-blend-mode’, which is a relatively new feature found in today's Web browsers, leaked the visual content of websites that include iframe linking. This jeopardizes 1 billion users of Facebook and puts them under a privacy threat.

The research that discovered these crucial revelations also disclosed that the data was extracted from these browsers through a side-channel vulnerability. This could have been due to the implementation of the new standards for cascading style sheets. Browsers like Chrome and Firefox usually avoid this vulnerability through a security concept that is called as same-origin policy. It is designed to block the content hosted on one domain to be available on the other.

Facebook Mobile

This discovery was revealed by two independent research teams and has been recently fixed by all the major internet browsers. The first versions that had fixed the security patches were Google Chrome V63 and Firefox 60. “For now, the security patches are fixed,” said one of the teams which made the discovery, “but the recent boost of graphics capabilities in HTML5 and CSS are likely to lead us to the same threat.

An Independent researcher Dario Weißer informed that due to increasing graphical abilities of platforms like HTML, CSS, and JavaScript, it is entirely possible to face a similar situation again. Dario Weißer, along with another independent researcher, demonstrated the vulnerability of Chrome and Firefox by extracting Facebook's profile pictures, usernames, likes from people who visited another website while being logged in to Facebook.

To demonstrate, he used an iframe to link it with Facebook which subsequently reflected the ‘login’ and ‘like’ button on the hacker’s page. Dario Weißer further explained that the same technique that protects this mishappening makes it vulnerable. A clever hacker can exploit this technique with the mix-blend mode function and easily extract the information. “Of course, we cannot directly access the iframe’s content,” Weißer said, “but we can put overlays over iframe and extract the information from the graphical interaction between the underlying pixels. The browser doesn’t leak the HTML, but the content of the targetted iframe does.

Habalov and Weißer informed this vulnerability to both Facebook and Google. They have also reported it to Skia which makes the graphics library that Chrome uses. Skia fixed this the same month they were informed, while Google fixed it in December. Facebook acknowledged the vulnerability but declared that it was unfeasible on their part.

Weißer and Habolv delayed to inform Firefox due to an error and waited until November 2017. This is the very reason why Firefox was late at fixing this issue. Firefox fixed it on the second of week of May 2018.

Do you feel safe with your browser? Let us know in the comments. Also, check our Top 6 alternatives for Mozilla Firefox

ICC World Test Championship Final 2023 Live Stream: How to Watch Test Cricket Online from Anywhere 
The pinnacle of test cricket is upon us, and the excitement is high ahead of what promises to be a thrilling contest...
How to Watch Avatar: The Way of Water Online from Anywhere
This year, Avatar: The Way Of Water became the third-highest-grossing picture of all time, collecting more than 2 billion dollars since its...
How to Watch It’s Always Sunny in Philadelphia Season 16 Online from Anywhere
It’s Always Sunny in Philadelphia Season 16 is here, and you will find below the premiere date, cast, plot, episode release schedule,...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari