This persistent Facebook data leak occurred due to a bug in these browsers. Specifically, the bug was caused by the implementation of a new Cascading Style Sheets (CSS) feature known as ‘mix-blend-mode’. This feature was introduced in the CSS3 standard in 2016.
Google security researcher Ruslan Habalov published a blog post about his research on Thursday, describing all the details of the bug. He was not alone in this research: another security researcher, Dario Weißer, worked with him to bring the bug forward and prove it.
At the very beginning, Habalov found his Facebook username and profile photo being displayed inside an iframed Facebook button on Pinterest’s homepage. Pinterest cannot access the content of the iframe owing to the same-origin policy, and this is what led him to investigate the issue.
Figure: Leaking the Facebook username (left) and profile picture (right) out of an embedded Facebook iframe
Another Researcher Was Also Here
Habalov wrote that he was not the first person to notice this bug: another independent researcher, Max May, had already reported the issue to Google via Chromium. After that, they highlighted the issue to Facebook and Mozilla.
The good news is that Google fixed this issue in December 2017 with the release of Chrome 63, whereas Mozilla released the fix two weeks ago with Firefox Quantum version 60.0.
We always recommend that our readers keep their systems and other apps up to date. If you haven't updated your browser yet, do it now.