CSS or Cascading Style Sheets have become so powerful that it can be abused to deanonymize Facebook users. CSS can even be used to link IP addresses and profiles to real-life people. This tool is fast becoming a real threat to internet privacy. However, Facebook isn’t the only site that can be exploited because any site that allows content to be put on other webpages in iframes is vulnerable. At least Chrome and Firefox have fixed this issue so far. Once again this should make it plain to users of the internet that privacy is a fragile thing and you should refrain from voluntarily giving up your personal information on social media.



In research published today, Ruslan Habalov, a security engineer at Google in Switzerland, together with security researcher Dario Weißer, have revealed how an attacker could abuse CSS3 mix-blend-mode to leak information from other sites.

Discussion

Source: [H]ardOCP – CSS is so Overpowered it can Deanonymize Facebook Users