Saturday, April 27, 2024

A Chrome Bug Allowed Hackers to Extract Your Private Data From Facebook and Other Web Platforms

By Guru baran

A new chrome bug allows attackers to extract private data that stored on Facebook and from other web platforms. The bug affects all the browsers including Chrome that use Blink browser engine. According to StatCounter, Chrome used by 59% of the Internet population.

The chrome bug takes advantage over the Audio/Video HTML tags that used in generating the requests from the target source. Imperva security researcher Ron Masas uncovered the bug with video and audio tags while researching with different HTML tags for cross-origin communications.

Cross-Origin Resource Sharing is a mechanism that uses HTTP headers to instruct web browsers and servers on how to utilize the cross-domain resources. It defines a way on how to request remote URLs when they have privileged.

Chrome Bug To Extract Private Data

Ron Masas found that the Audio/Video HTML failed to validate the content types, an attacker could inject hidden video or audio tags that request the crafted posts from Facebook that posted based on the restriction techniques.

When the user visits the attacker’s webpage which contains hidden video or audio tags that would request Facebook posts and by analyzing the request of which specific posts are called for the user the attackers able to extract the logged social networking individual user age from Facebook regardless of privacy settings within seconds.

Ron Masas created a javascript function that returns an estimation of a resource size, see “estimate_cross_origin_resource

Chrome Bug

An attacker can create crafted Facebook posts for all possible age based by using the Audience Restriction options that limits the visibility of the posts based on the age, location, gender, and other properties.

Chrome Bug

“With several scripts running at once each testing a different and unique restriction, the bad actor can relatively quickly mine a good amount of private data about the user. With the e-commerce or a SaaS site attackers even could extract login email address to correlate the private data for extensive and intrusive profiling.”

Now the issue has been fixed with Chrome 68 and users are strongly recommended to update with the latest version of chrome browser. The vulnerability tracked as CVE-2018-6177.

Also Read

Microsoft Edge Browser Vulnerability Allows Malicious Hackers Steal Your Computer Local Files

Let’s Encrypt Root Certificate Now Directly Trusted by Microsoft and all Major Root Programs

Hackers Distributing FELIXROOT Backdoor Malware using Microsoft Office Vulnerabilities

Managed WAF Protection

Website

Latest articles

CVE/vulnerability

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...
CVE/vulnerability

5000+ CrushFTP Servers Hacked Using Zero-Day Exploit

Hackers often target CrushFTP servers as they contain sensitive data and are used for...
Cyber Attack

13,142,840 DDoS Attacks Targeted Organization Around The Globe

DDoS attacks are a significant and growing risk that can overpower websites, crash servers,...
CVE/vulnerability

Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt...
Cyber Attack

Microsoft Publicly Releases MS-DOS 4.0 Source Code

In a historic move, Microsoft has made the source code for MS-DOS 4.0, one...
Cyber Attack

New SSLoad Malware Combined With Tools Hijacking Entire Network Domain

A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which...
Cyber Security News

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has issued urgent remediation advice after discovering a critical vulnerability, designated...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]